IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsCBAKJEHDBG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BFHDHJKKJDHJJJJKEGHI
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\CAFHDBGH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\CGIDGCGIEGDGDGDGHJKK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\DHIJDHIDBGHJKECBFIIDAAEHJK
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\FHCGCFHDHIIIDGCAAEGDAFBFHD
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\JEHIJJKE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KJKFBAFIDAEBFHJKJEBF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e8cb2646d2.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4e1e5c1b-95e1-43b6-aa64-52c60400322a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\89ced0f8-7630-4b7b-8f32-7b35fd5899e0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\917221d5-c233-4632-8687-9398d1e7b075.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\e35af705-afb7-4bc4-8b13-1f2260bb276c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4652e374-14f1-4e94-b7b7-9488e6b54766.tmp
ASCII text, with very long lines (17375), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4ef87a58-9770-4e69-bc72-dc130d3be755.tmp
ASCII text, with very long lines (17584), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4f70485c-7dcc-4d97-a8f7-59760f8c1ceb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4fd22e79-26b6-4c96-9800-6695f4254302.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\626f24ae-0260-4225-808a-11ecbfe98523.tmp
ASCII text, with very long lines (17540), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8049f79c-008c-4a17-bb10-e256cfa824cd.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.ldb
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF6618b.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4163abde-9904-4e58-b214-c613a4eb5ed6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5fd6a025-a655-4e9b-9a97-57b74ffa11a5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6322027c-749c-41a5-82e3-b194ec7b8ece.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ea67364-8430-4fd4-89e9-4f7b5d777328.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4b051.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF604d5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3a365.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3afd9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a9b3a01e-aae0-48ad-a91a-f5c93e83716c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c54093e1-2a38-44b9-a7e6-e099900a5603.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\cfa7f996-8bed-45a7-8bfc-bae236c17911.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3dd70.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4058a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44504.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF49e9e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF58e7c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3df93.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF42bcf.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1e995c42-9f92-4fb5-8fcd-2634e4899b56.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6bca85b4-6bb2-4aab-9d03-d57a457adda6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3afd9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\aa640e7c-742d-4802-82ee-c4879b71b9fb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c67b15d0-2f20-4909-811a-e2bc31ac05d2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ba6db4b5-48c2-4ab2-8a38-642b5d0581db.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cba68ba9-ce05-42cf-8107-eb2a4ede0ad7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e736ce39-2912-450f-8412-d7512a9c4ec5.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e73f6d1a-e8c5-427c-81ec-803a519c2c1c.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e78163f9-d849-463b-9acb-af1369eba5b8.tmp
ASCII text, with very long lines (17540), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38be5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38bf5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38dab.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b46c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF40309.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF49e4f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4fc6d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b0040358-89b7-404c-aa01-9dfdfea32de0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b7ac23fe-ed44-4e00-b9ed-ca3aa80c4c36.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c455d47b-752c-4084-a099-e5a3d916d8f8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ec716587-1ec0-404f-a719-6da0a23cf5a4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f6fdc8b3-5c0a-4f76-83db-8fcf8bc0d2a1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\29a5c459-14ff-4813-80dd-f45e98ce627e.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\806f45a6-4fd9-43dc-b869-2a0a7f02dae4.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\87aa32be-d95a-4ce9-aaba-74dc0b295333.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cfe2aff5-ae27-4232-a2c7-994fc2269fa9.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_1233361971\29a5c459-14ff-4813-80dd-f45e98ce627e.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_1233361971\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_1233361971\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_1233361971\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_1233361971\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8136_224931456\cfe2aff5-ae27-4232-a2c7-994fc2269fa9.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 463
ASCII text, with very long lines (765)
downloaded
Chrome Cache Entry: 464
ASCII text
downloaded
Chrome Cache Entry: 465
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 466
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 467
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 468
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 469
SVG Scalable Vector Graphics image
downloaded
There are 231 hidden files.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2020,i,2579233296112613996,7576974820775269714,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=2368,i,8315494591185384419,3277572729580263378,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7124 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7284 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:8
malicious
C:\Users\user\DocumentsCBAKJEHDBG.exe
"C:\Users\user\DocumentsCBAKJEHDBG.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1005746001\80b5f835af.exe
"C:\Users\user\AppData\Local\Temp\1005746001\80b5f835af.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6472 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\1005746001\80b5f835af.exe
"C:\Users\user\AppData\Local\Temp\1005746001\80b5f835af.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005748001\e8cb2646d2.exe
"C:\Users\user\AppData\Local\Temp\1005748001\e8cb2646d2.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005746001\80b5f835af.exe
"C:\Users\user\AppData\Local\Temp\1005746001\80b5f835af.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005748001\e8cb2646d2.exe
"C:\Users\user\AppData\Local\Temp\1005748001\e8cb2646d2.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005748001\e8cb2646d2.exe
"C:\Users\user\AppData\Local\Temp\1005748001\e8cb2646d2.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5752 --field-trial-handle=2536,i,717750146961907579,3352193052425683844,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsCBAKJEHDBG.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs


Domains


IPs


Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
80b5f835af.exe
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
e8cb2646d2.exe
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
DisableNotifications
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
AUOptions
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoRebootWithLoggedOnUsers
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
UseWUServer
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DoNotConnectToWindowsUpdateInternetLocations
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
TamperProtection

Memdumps

C9B000
unkown
page execute and write copy
28EF000
stack
page read and write
473F000
stack
page read and write
6CD0F000
unkown
page readonly
DB6000
unkown
page write copy
109C000
unkown
page execute and write copy
F34000
unkown
page execute and write copy
32FF000
stack
page read and write
4230000
heap
page read and write
B60000
direct allocation
page read and write
465F000
stack
page read and write
3AFE000
stack
page read and write
372F000
stack
page read and write
50F0000
direct allocation
page execute and read and write
451E000
stack
page read and write
DB4000
heap
page read and write
F1D000
unkown
page execute and write copy
1CB6E000
stack
page read and write
F7D000
unkown
page execute and read and write
4F10000
trusted library allocation
page read and write
1D5A1000
heap
page read and write
2AEF000
stack
page read and write
36FE000
stack
page read and write
8E0000
heap
page read and write
5F0000
unkown
page read and write
3C3E000
stack
page read and write
4491000
heap
page read and write
4A50000
direct allocation
page execute and read and write
1D5AE000
heap
page read and write
EB7000
unkown
page execute and read and write
12C4000
heap
page read and write
4B21000
heap
page read and write
3BBF000
stack
page read and write
4DE0000
direct allocation
page read and write
48BE000
stack
page read and write
29AF000
stack
page read and write
28BE000
stack
page read and write
F89000
unkown
page execute and write copy
5F0000
unkown
page readonly
8AB000
heap
page read and write
3AEE000
stack
page read and write
FAD000
unkown
page execute and write copy
40FD000
stack
page read and write
F3E000
unkown
page execute and write copy
DB4000
heap
page read and write
12A0000
heap
page read and write
336F000
stack
page read and write
744000
heap
page read and write
4B01000
heap
page read and write
648E000
stack
page read and write
494000
heap
page read and write
744000
heap
page read and write
12C4000
heap
page read and write
3FBE000
stack
page read and write
8D4000
heap
page read and write
D8E000
stack
page read and write
6CB70000
unkown
page readonly
2D2F000
stack
page read and write
F2E000
unkown
page execute and read and write
744000
heap
page read and write
12B0000
heap
page read and write
4AD1000
heap
page read and write
DB4000
heap
page read and write
273B000
stack
page read and write
5B4000
heap
page read and write
12A0000
direct allocation
page read and write
72E4000
heap
page read and write
61E0000
heap
page read and write
113C000
unkown
page execute and read and write
F1E000
unkown
page execute and read and write
3DAE000
stack
page read and write
4491000
heap
page read and write
3C2F000
stack
page read and write
4AD1000
heap
page read and write
5B4000
heap
page read and write
36BF000
stack
page read and write
4830000
direct allocation
page read and write
CA5000
unkown
page execute and write copy
744000
heap
page read and write
A9E000
unkown
page execute and write copy
312E000
stack
page read and write
419E000
stack
page read and write
86E000
heap
page read and write
DC4000
unkown
page execute and write copy
62D0000
heap
page read and write
3D6F000
stack
page read and write
F3A000
unkown
page execute and read and write
C37000
unkown
page execute and read and write
10EC000
stack
page read and write
39AE000
stack
page read and write
1D44E000
stack
page read and write
10D0000
heap
page read and write
543B000
trusted library allocation
page execute and read and write
934000
heap
page read and write
1D5AF000
heap
page read and write
3F1E000
stack
page read and write
4AFF000
stack
page read and write
3DDE000
stack
page read and write
389F000
stack
page read and write
5281000
heap
page read and write
744000
heap
page read and write
397F000
stack
page read and write
494000
heap
page read and write
744000
heap
page read and write
1D596000
heap
page read and write
FD1000
unkown
page execute and read and write
10A7000
unkown
page execute and read and write
5B4000
heap
page read and write
10BB000
heap
page read and write
F90000
unkown
page execute and read and write
10A1000
unkown
page execute and read and write
E24000
unkown
page execute and read and write
4AD1000
heap
page read and write
5B4000
heap
page read and write
4631000
heap
page read and write
E0F000
unkown
page execute and read and write
26FF000
stack
page read and write
1383000
heap
page read and write
1D5AE000
heap
page read and write
C9B000
unkown
page execute and write copy
744000
heap
page read and write
61E0000
heap
page read and write
1D5AE000
heap
page read and write
68C4000
trusted library allocation
page read and write
C31000
unkown
page execute and write copy
744000
heap
page read and write
E33000
unkown
page execute and write copy
4AD1000
heap
page read and write
C30000
unkown
page read and write
5AB000
heap
page read and write
3FBF000
stack
page read and write
4C50000
direct allocation
page execute and read and write
F2B000
unkown
page execute and write copy
4F80000
direct allocation
page read and write
2E6F000
stack
page read and write
DB4000
heap
page read and write
4F91000
heap
page read and write
40BF000
stack
page read and write
3AAF000
stack
page read and write
30BE000
stack
page read and write
4491000
heap
page read and write
4F91000
heap
page read and write
509F000
stack
page read and write
27F0000
direct allocation
page read and write
DB4000
heap
page read and write
1D5AE000
stack
page read and write
5B4000
heap
page read and write
DB4000
heap
page read and write
FCA000
unkown
page execute and read and write
5280000
heap
page read and write
383F000
stack
page read and write
4AC0000
direct allocation
page read and write
486E000
stack
page read and write
A9D000
unkown
page execute and read and write
5281000
heap
page read and write
1D5AE000
heap
page read and write
5270000
direct allocation
page read and write
1D11E000
stack
page read and write
72E6000
heap
page read and write
3EBE000
stack
page read and write
4B01000
heap
page read and write
10D5000
heap
page read and write
5B4000
heap
page read and write
1D57B000
heap
page read and write
DC4000
unkown
page execute and write copy
627000
unkown
page execute and read and write
4491000
heap
page read and write
4631000
heap
page read and write
4830000
direct allocation
page read and write
48DE000
stack
page read and write
323E000
stack
page read and write
4B01000
heap
page read and write
ADD000
unkown
page execute and read and write
4AD1000
heap
page read and write
4B01000
heap
page read and write
5281000
heap
page read and write
5440000
heap
page execute and read and write
34EE000
stack
page read and write
67E000
unkown
page execute and read and write
4631000
heap
page read and write
5B4000
heap
page read and write
12C4000
heap
page read and write
2F1F000
stack
page read and write
4860000
direct allocation
page execute and read and write
5C0000
direct allocation
page read and write
4B21000
heap
page read and write
FDC000
unkown
page execute and read and write
4B01000
heap
page read and write
DFE000
stack
page read and write
4231000
heap
page read and write
5230000
direct allocation
page read and write
DB4000
heap
page read and write
3DAE000
stack
page read and write
379E000
stack
page read and write
347E000
stack
page read and write
5B4000
heap
page read and write
DB4000
heap
page read and write
F3A000
unkown
page execute and read and write
5B4000
heap
page read and write
4491000
heap
page read and write
50D0000
trusted library allocation
page read and write
2F3F000
stack
page read and write
4B01000
heap
page read and write
DFC000
unkown
page execute and read and write
105C000
unkown
page execute and write copy
12C4000
heap
page read and write
1D593000
heap
page read and write
49A3000
trusted library allocation
page execute and read and write
744000
heap
page read and write
494000
heap
page read and write
3FBF000
stack
page read and write
744000
heap
page read and write
4C3F000
stack
page read and write
1D31E000
stack
page read and write
2A46B000
stack
page read and write
4B21000
heap
page read and write
D0C000
stack
page read and write
865000
heap
page read and write
DB4000
heap
page read and write
4F40000
trusted library allocation
page read and write
120A000
heap
page read and write
B60000
direct allocation
page read and write
4C30000
direct allocation
page execute and read and write
3C2F000
stack
page read and write
1D5A1000
heap
page read and write
8E8000
heap
page read and write
326E000
stack
page read and write
81E000
stack
page read and write
4631000
heap
page read and write
8F6000
heap
page read and write
FB1000
unkown
page execute and write copy
3D5F000
stack
page read and write
1153000
unkown
page execute and read and write
4ABF000
stack
page read and write
487F000
stack
page read and write
744000
heap
page read and write
1D5A1000
heap
page read and write
3C3E000
stack
page read and write
50E0000
direct allocation
page execute and read and write
4491000
heap
page read and write
1D5A1000
heap
page read and write
1CDCF000
stack
page read and write
1D587000
heap
page read and write
10BE000
heap
page read and write
469E000
stack
page read and write
42DE000
stack
page read and write
12ED000
heap
page read and write
3ABF000
stack
page read and write
DC5000
unkown
page execute and read and write
5B4000
heap
page read and write
44BF000
stack
page read and write
E19000
unkown
page execute and write copy
4FD000
stack
page read and write
C78000
unkown
page execute and write copy
5B4000
heap
page read and write
4A30000
direct allocation
page execute and read and write
39EE000
stack
page read and write
113B000
unkown
page execute and write copy
49A0000
direct allocation
page execute and read and write
3D7E000
stack
page read and write
8EF000
heap
page read and write
61EB4000
direct allocation
page read and write
4F80000
direct allocation
page read and write
61DE000
heap
page read and write
50C3000
trusted library allocation
page execute and read and write
30BF000
stack
page read and write
1D1BE000
stack
page read and write
4B01000
heap
page read and write
39EE000
stack
page read and write
F20000
unkown
page execute and write copy
4491000
heap
page read and write
4B21000
heap
page read and write
43B0000
heap
page read and write
4B21000
heap
page read and write
8D4000
heap
page read and write
C9B000
unkown
page execute and write copy
2FAF000
stack
page read and write
5B4000
heap
page read and write
5281000
heap
page read and write
5B1000
unkown
page execute and write copy
12C4000
heap
page read and write
744000
heap
page read and write
48D0000
trusted library allocation
page read and write
A5D000
unkown
page execute and read and write
23661000
heap
page read and write
3D3E000
stack
page read and write
13CF000
stack
page read and write
3EEE000
stack
page read and write
DB4000
heap
page read and write
744000
heap
page read and write
E33000
unkown
page execute and write copy
2FBE000
stack
page read and write
33AE000
stack
page read and write
12A0000
direct allocation
page read and write
3C6E000
stack
page read and write
11F0000
heap
page read and write
744000
heap
page read and write
F32000
unkown
page execute and read and write
E30000
direct allocation
page read and write
5B4000
heap
page read and write
61D0000
heap
page read and write
744000
heap
page read and write
DB4000
heap
page read and write
531E000
stack
page read and write
1D587000
heap
page read and write
4B01000
heap
page read and write
5270000
direct allocation
page read and write
2DF7000
heap
page read and write
2AAF000
stack
page read and write
1420000
heap
page read and write
AC6000
unkown
page execute and read and write
5100000
direct allocation
page execute and read and write
4B84000
heap
page read and write
F43000
unkown
page execute and write copy
3B5E000
stack
page read and write
DB0000
unkown
page readonly
744000
heap
page read and write
34DE000
stack
page read and write
49E0000
direct allocation
page execute and read and write
1D5AF000
heap
page read and write
5C0000
direct allocation
page read and write
8D4000
heap
page read and write
10C4000
unkown
page execute and write copy
5C0000
direct allocation
page read and write
744000
heap
page read and write
4840000
heap
page read and write
4DBE000
stack
page read and write
1257000
heap
page read and write
744000
heap
page read and write
122E000
stack
page read and write
1D5A1000
heap
page read and write
1D597000
heap
page read and write
3FFE000
stack
page read and write
2EAE000
stack
page read and write
CCC000
stack
page read and write
744000
heap
page read and write
E10000
heap
page read and write
1D597000
heap
page read and write
412E000
stack
page read and write
DB4000
heap
page read and write
5B4000
heap
page read and write
12C4000
heap
page read and write
4AD1000
heap
page read and write
1CF3C000
stack
page read and write
8E8000
heap
page read and write
A1E000
stack
page read and write
5B4000
heap
page read and write
C9B000
unkown
page execute and write copy
DB4000
heap
page read and write
7EE000
stack
page read and write
F1B000
unkown
page execute and write copy
1D59D000
heap
page read and write
4B01000
heap
page read and write
496F000
stack
page read and write
3BFF000
stack
page read and write
DB4000
heap
page read and write
282E000
stack
page read and write
FB0000
unkown
page execute and read and write
DB4000
heap
page read and write
437F000
stack
page read and write
5270000
direct allocation
page read and write
745000
heap
page read and write
8A0000
direct allocation
page read and write
452E000
stack
page read and write
744000
heap
page read and write
DB4000
heap
page read and write
23927000
heap
page read and write
1D5A1000
heap
page read and write
4B40000
heap
page read and write
1D55E000
stack
page read and write
386F000
stack
page read and write
5A7000
heap
page read and write
43DF000
stack
page read and write
4491000
heap
page read and write
850000
heap
page read and write
422F000
stack
page read and write
4DE0000
direct allocation
page read and write
43EE000
stack
page read and write
4AD1000
heap
page read and write
744000
heap
page read and write
4B21000
heap
page read and write
4AFF000
stack
page read and write
DC6000
unkown
page execute and write copy
4B01000
heap
page read and write
4B01000
heap
page read and write
1043000
unkown
page execute and write copy
72DC000
stack
page read and write
1D5A1000
heap
page read and write
8D4000
heap
page read and write
8EF000
heap
page read and write
1D5B3000
heap
page read and write
B50000
heap
page read and write
FC7000
unkown
page execute and write copy
423E000
stack
page read and write
5B4000
heap
page read and write
4F91000
heap
page read and write
8EF000
stack
page read and write
69F000
unkown
page execute and read and write
FDC000
unkown
page execute and read and write
383E000
stack
page read and write
744000
heap
page read and write
B4E000
stack
page read and write
740000
heap
page read and write
744000
heap
page read and write
349F000
stack
page read and write
E25000
unkown
page execute and write copy
8D4000
heap
page read and write
4F80000
direct allocation
page read and write
53A0000
trusted library allocation
page read and write
F46000
unkown
page execute and read and write
1CF3E000
stack
page read and write
AC6000
unkown
page execute and read and write
F89000
unkown
page execute and write copy
4A80000
direct allocation
page execute and read and write
1CFDF000
stack
page read and write
763D000
stack
page read and write
4491000
heap
page read and write
109B000
unkown
page execute and read and write
5B4000
heap
page read and write
4491000
heap
page read and write
4B2B000
trusted library allocation
page execute and read and write
F20000
unkown
page execute and write copy
ACD000
unkown
page execute and read and write
5400000
direct allocation
page execute and read and write
1495000
heap
page read and write
4631000
heap
page read and write
149F000
stack
page read and write
F6D000
unkown
page execute and write copy
F2B000
unkown
page execute and write copy
8EF000
heap
page read and write
EA9000
unkown
page write copy
5283000
heap
page read and write
43AF000
stack
page read and write
744000
heap
page read and write
4491000
heap
page read and write
3C2F000
stack
page read and write
4F96000
direct allocation
page read and write
E4F000
unkown
page execute and read and write
4AC0000
direct allocation
page read and write
F2B000
unkown
page execute and write copy
1D07E000
stack
page read and write
744000
heap
page read and write
1190000
direct allocation
page read and write
44BF000
stack
page read and write
5B4000
heap
page read and write
1144000
unkown
page execute and write copy
D90000
heap
page read and write
12C4000
heap
page read and write
F32000
unkown
page execute and read and write
F34000
unkown
page execute and write copy
4D5E000
stack
page read and write
601E000
stack
page read and write
E88000
heap
page read and write
2FEE000
stack
page read and write
4AC0000
direct allocation
page read and write
5400000
direct allocation
page execute and read and write
5AE000
stack
page read and write
53D0000
direct allocation
page execute and read and write
35EF000
stack
page read and write
F2B000
unkown
page execute and write copy
4AD1000
heap
page read and write
744000
heap
page read and write
236C3000
heap
page read and write
433F000
stack
page read and write
2EDE000
stack
page read and write
4AD1000
heap
page read and write
5480000
direct allocation
page execute and read and write
64A4000
trusted library allocation
page read and write
4FA0000
heap
page read and write
744000
heap
page read and write
934000
heap
page read and write
4C7E000
stack
page read and write
4F91000
heap
page read and write
1432000
heap
page read and write
745000
heap
page read and write
744000
heap
page read and write
744000
heap
page read and write
4B1F000
stack
page read and write
59DD000
heap
page read and write
DB4000
heap
page read and write
4AD1000
heap
page read and write
8A9000
heap
page read and write
E91000
unkown
page execute and read and write
4B20000
trusted library allocation
page read and write
4B21000
heap
page read and write
4BEF000
stack
page read and write
5E0000
direct allocation
page read and write
4AC0000
direct allocation
page read and write
2D2E000
stack
page read and write
E92000
unkown
page execute and write copy
38AE000
stack
page read and write
DB4000
heap
page read and write
FE5000
unkown
page execute and read and write
4631000
heap
page read and write
54A0000
direct allocation
page execute and read and write
382F000
stack
page read and write
1030000
heap
page read and write
362E000
stack
page read and write
14A0000
heap
page read and write
23641000
heap
page read and write
1D28F000
stack
page read and write
B60000
direct allocation
page read and write
4940000
trusted library allocation
page read and write
4B21000
heap
page read and write
4C10000
direct allocation
page execute and read and write
DBA000
unkown
page execute and read and write
DB4000
heap
page read and write
820000
heap
page read and write
744000
heap
page read and write
DB4000
heap
page read and write
30B0000
heap
page read and write
361E000
stack
page read and write
1D57E000
heap
page read and write
1D5AE000
heap
page read and write
5B4000
heap
page read and write
4B01000
heap
page read and write
322F000
stack
page read and write
B60000
direct allocation
page read and write
4AC0000
direct allocation
page read and write
5B4000
heap
page read and write
5281000
heap
page read and write
555E000
stack
page read and write
DB4000
heap
page read and write
68E5000
trusted library allocation
page read and write
C92000
unkown
page execute and write copy
1110000
unkown
page execute and read and write
53C0000
trusted library allocation
page read and write
44EF000
stack
page read and write
DB4000
heap
page read and write
744000
heap
page read and write
4AD1000
heap
page read and write
4B21000
heap
page read and write
1D5AE000
heap
page read and write
4830000
direct allocation
page read and write
12C4000
heap
page read and write
5270000
direct allocation
page read and write
744000
heap
page read and write
F56000
unkown
page execute and write copy
4F91000
heap
page read and write
112D000
unkown
page execute and write copy
494000
heap
page read and write
5F0000
heap
page read and write
72E0000
heap
page read and write
4AD1000
heap
page read and write
DB4000
heap
page read and write
DB0000
unkown
page read and write
144D000
heap
page read and write
934000
heap
page read and write
1190000
direct allocation
page read and write
4AD1000
heap
page read and write
5270000
direct allocation
page read and write
4AD1000
heap
page read and write
B4C000
stack
page read and write
8EB000
heap
page read and write
4B3E000
stack
page read and write
4491000
heap
page read and write
1D5A1000
heap
page read and write
4AEE000
stack
page read and write
4F91000
heap
page read and write
8D4000
heap
page read and write
4631000
heap
page read and write
744000
heap
page read and write
1045000
unkown
page execute and write copy
16AF000
stack
page read and write
4B01000
heap
page read and write
DB4000
heap
page read and write
45FF000
stack
page read and write
744000
heap
page read and write
E86000
unkown
page execute and write copy
2E6F000
stack
page read and write
1190000
direct allocation
page read and write
4DA0000
trusted library allocation
page read and write
4DE0000
direct allocation
page read and write
12C4000
heap
page read and write
477E000
stack
page read and write
B60000
direct allocation
page read and write
4B20000
direct allocation
page execute and read and write
5F0000
unkown
page read and write
4491000
heap
page read and write
1D6B0000
heap
page read and write
49A0000
direct allocation
page execute and read and write
744000
heap
page read and write
4491000
heap
page read and write
5B4000
heap
page read and write
1190000
direct allocation
page read and write
1190000
direct allocation
page read and write
ADE000
unkown
page execute and write copy
58C1000
trusted library allocation
page read and write
744000
heap
page read and write
5B4000
heap
page read and write
EAB000
unkown
page execute and read and write
744000
heap
page read and write
744000
heap
page read and write
4AD1000
heap
page read and write
4AD1000
heap
page read and write
4C20000
direct allocation
page execute and read and write
447F000
stack
page read and write
38DE000
stack
page read and write
E19000
unkown
page execute and write copy
4AD1000
heap
page read and write
1222000
heap
page read and write
87E000
heap
page read and write
67C000
unkown
page execute and read and write
E8C000
unkown
page execute and write copy
744000
heap
page read and write
2DF0000
direct allocation
page read and write
DB4000
heap
page read and write
4491000
heap
page read and write
4491000
heap
page read and write
61ECD000
direct allocation
page readonly
828000
unkown
page execute and read and write
50C0000
direct allocation
page execute and read and write
27E7000
heap
page read and write
7FE000
stack
page read and write
4AC0000
direct allocation
page read and write
ED5000
unkown
page execute and read and write
82A000
heap
page read and write
B60000
direct allocation
page read and write
F1B000
unkown
page execute and write copy
EB7000
unkown
page execute and read and write
4CDE000
stack
page read and write
7008000
heap
page read and write
53E0000
direct allocation
page execute and read and write
1D58F000
heap
page read and write
50E0000
direct allocation
page execute and read and write
5B5000
heap
page read and write
4C2E000
stack
page read and write
10E4000
unkown
page execute and write copy
64A2000
trusted library allocation
page read and write
385F000
stack
page read and write
333E000
stack
page read and write
F2C000
unkown
page execute and read and write
4B01000
heap
page read and write
DB4000
heap
page read and write
3ADF000
stack
page read and write
744000
heap
page read and write
53D0000
direct allocation
page read and write
DB4000
heap
page read and write
3D7E000
stack
page read and write
4830000
direct allocation
page read and write
DFE000
unkown
page execute and write copy
F1F000
unkown
page execute and write copy
C31000
unkown
page execute and write copy
C92000
unkown
page execute and read and write
2F17000
heap
page read and write
61E00000
direct allocation
page execute and read and write
4F9B000
stack
page read and write
439F000
stack
page read and write
1235000
heap
page read and write
4840000
direct allocation
page execute and read and write
4631000
heap
page read and write
745000
heap
page read and write
1CEFF000
stack
page read and write
129B000
stack
page read and write
48DF000
stack
page read and write
49F0000
direct allocation
page execute and read and write
FCA000
unkown
page execute and read and write
4631000
heap
page read and write
373E000
stack
page read and write
53F0000
direct allocation
page execute and read and write
4F91000
heap
page read and write
27F0000
direct allocation
page read and write
4EBF000
stack
page read and write
C99000
unkown
page write copy
11E9000
stack
page read and write
4AD1000
heap
page read and write
5B4000
heap
page read and write
744000
heap
page read and write
DB4000
heap
page read and write
4B21000
heap
page read and write
4AC0000
direct allocation
page read and write
F6D000
unkown
page execute and write copy
6CD55000
unkown
page readonly
1D5A1000
heap
page read and write
3DAE000
stack
page read and write
F43000
unkown
page execute and write copy
4851000
heap
page read and write
ADD000
unkown
page execute and read and write
5B4000
heap
page read and write
49FE000
stack
page read and write
4B21000
heap
page read and write
333F000
stack
page read and write
4B8E000
stack
page read and write
35BE000
stack
page read and write
7DE000
stack
page read and write
53B4000
trusted library allocation
page read and write
71FE000
stack
page read and write
4A1F000
stack
page read and write
745000
heap
page read and write
4841000
heap
page read and write
37FF000
stack
page read and write
E85000
unkown
page execute and read and write
E92000
unkown
page execute and write copy
F7D000
unkown
page execute and read and write
4B04000
trusted library allocation
page read and write
10B7000
unkown
page execute and write copy
494000
heap
page read and write
12C4000
heap
page read and write
487E000
stack
page read and write
23919000
heap
page read and write
12C4000
heap
page read and write
12C4000
heap
page read and write
3EDF000
stack
page read and write
EC2000
unkown
page execute and read and write
5F1000
unkown
page execute and write copy
DB4000
heap
page read and write
744000
heap
page read and write
1D690000
trusted library allocation
page read and write
B60000
direct allocation
page read and write
1CDFE000
stack
page read and write
934000
heap
page read and write
DB4000
heap
page read and write
5B4000
heap
page read and write
5230000
trusted library allocation
page read and write
12C4000
heap
page read and write
4AD1000
heap
page read and write
FD9000
unkown
page execute and write copy
5281000
heap
page read and write
4B21000
heap
page read and write
EA2000
unkown
page execute and read and write
50D0000
heap
page read and write
FB7000
unkown
page execute and read and write
56B0000
trusted library allocation
page execute and read and write
12C4000
heap
page read and write
FBC000
unkown
page execute and read and write
50B0000
direct allocation
page execute and read and write
4491000
heap
page read and write
744000
heap
page read and write
1D5BC000
heap
page read and write
5B4000
heap
page read and write
DB4000
heap
page read and write
12A0000
direct allocation
page read and write
F1D000
unkown
page execute and write copy
5440000
direct allocation
page execute and read and write
4B01000
heap
page read and write
864000
heap
page read and write
1029000
unkown
page execute and write copy
4F80000
direct allocation
page read and write
4980000
trusted library allocation
page read and write
DB4000
heap
page read and write
5C0000
direct allocation
page read and write
63C000
stack
page read and write
100C000
unkown
page execute and read and write
4491000
heap
page read and write
704E000
stack
page read and write
463E000
stack
page read and write
12A0000
direct allocation
page read and write
396F000
stack
page read and write
4631000
heap
page read and write
863000
heap
page read and write
4B21000
heap
page read and write
1D2BF000
stack
page read and write
4631000
heap
page read and write
5400000
direct allocation
page execute and read and write
744000
heap
page read and write
8C2000
heap
page read and write
7FC000
unkown
page execute and read and write
B80000
heap
page read and write
8D4000
heap
page read and write
4B27000
trusted library allocation
page execute and read and write
C77000
unkown
page execute and read and write
49DF000
stack
page read and write
1D5A1000
heap
page read and write
1045000
unkown
page execute and write copy
23921000
heap
page read and write
4AD1000
heap
page read and write
744000
heap
page read and write
372F000
stack
page read and write
462F000
stack
page read and write
3E9F000
stack
page read and write
744000
heap
page read and write
103F000
unkown
page execute and write copy
343F000
stack
page read and write
4D7F000
stack
page read and write
6CD4F000
unkown
page write copy
2A59C000
stack
page read and write
8D4000
heap
page read and write
5B4000
heap
page read and write
43B1000
heap
page read and write
33AE000
stack
page read and write
5B4000
heap
page read and write
12C4000
heap
page read and write
4DE0000
direct allocation
page read and write
FE5000
unkown
page execute and read and write
386D000
stack
page read and write
5D9E000
stack
page read and write
375E000
stack
page read and write
5400000
direct allocation
page execute and read and write
47F0000
trusted library allocation
page read and write
877000
heap
page read and write
F8E000
unkown
page execute and read and write
12C4000
heap
page read and write
1D597000
heap
page read and write
1D589000
heap
page read and write
4AF0000
heap
page read and write
30FE000
stack
page read and write
8EF000
heap
page read and write
8C2000
heap
page read and write
4AD1000
heap
page read and write
2A490000
heap
page read and write
339F000
stack
page read and write
4631000
heap
page read and write
C99000
unkown
page write copy
13EA000
heap
page read and write
5E0000
direct allocation
page read and write
4FD6000
direct allocation
page read and write
DB6000
unkown
page write copy
4491000
heap
page read and write
8D4000
heap
page read and write
37FF000
stack
page read and write
56AE000
stack
page read and write
49A0000
direct allocation
page execute and read and write
4491000
heap
page read and write
4491000
heap
page read and write
41FF000
stack
page read and write
F43000
unkown
page execute and write copy
883000
heap
page read and write
744000
heap
page read and write
325E000
stack
page read and write
744000
heap
page read and write
FCC000
unkown
page execute and write copy
1190000
direct allocation
page read and write
5B4000
heap
page read and write
5B4000
heap
page read and write
1153000
unkown
page execute and write copy
36FF000
stack
page read and write
DB4000
heap
page read and write
31FF000
stack
page read and write
4DE0000
direct allocation
page read and write
1F0000
heap
page read and write
DB4000
heap
page read and write
1D5AE000
heap
page read and write
5B4000
heap
page read and write
4A70000
direct allocation
page execute and read and write
F46000
unkown
page execute and read and write
4B10000
heap
page read and write
4B21000
heap
page read and write
1D596000
heap
page read and write
4631000
heap
page read and write
EA9000
unkown
page write copy
C30000
unkown
page readonly
1D5AE000
heap
page read and write
49C0000
direct allocation
page execute and read and write
4EC0000
heap
page read and write
744000
heap
page read and write
4AE6000
direct allocation
page read and write
4631000
heap
page read and write
5B4000
heap
page read and write
F34000
unkown
page execute and write copy
362E000
stack
page read and write
2E3E000
stack
page read and write
3C6E000
stack
page read and write
930000
heap
page read and write
4B00000
heap
page read and write
376E000
stack
page read and write
322F000
stack
page read and write
5C0000
direct allocation
page read and write
4DF1000
heap
page read and write
542A000
trusted library allocation
page execute and read and write
90C000
heap
page read and write
2392D000
heap
page read and write
DBA000
unkown
page execute and read and write
3CFF000
stack
page read and write
FAD000
unkown
page execute and write copy
2DF0000
direct allocation
page read and write
4491000
heap
page read and write
10B7000
heap
page read and write
27FF000
stack
page read and write
322F000
stack
page read and write
6130000
heap
page read and write
4DF1000
heap
page read and write
E8B000
unkown
page execute and read and write
236ED000
heap
page read and write
82E000
heap
page read and write
477E000
stack
page read and write
118E000
stack
page read and write
49B0000
direct allocation
page execute and read and write
5460000
direct allocation
page execute and read and write
F1F000
unkown
page execute and write copy
1D1BE000
stack
page read and write
1190000
direct allocation
page read and write
455E000
stack
page read and write
4A80000
direct allocation
page execute and read and write
F43000
unkown
page execute and read and write
2EE0000
heap
page read and write
50D0000
direct allocation
page execute and read and write
5B4000
heap
page read and write
415E000
stack
page read and write
49FE000
stack
page read and write
4491000
heap
page read and write
4830000
direct allocation
page read and write
4B40000
trusted library allocation
page read and write
FB7000
unkown
page execute and read and write
4491000
heap
page read and write
E25000
unkown
page execute and write copy
8D4000
heap
page read and write
4DF1000
heap
page read and write
311F000
stack
page read and write
8F3000
heap
page read and write
FC6000
unkown
page execute and read and write
402E000
stack
page read and write
4F91000
heap
page read and write
C10000
direct allocation
page read and write
426F000
stack
page read and write
412F000
stack
page read and write
F8F000
unkown
page execute and write copy
8C2000
heap
page read and write
34DF000
stack
page read and write
4B01000
heap
page read and write
50E0000
direct allocation
page read and write
50B0000
trusted library allocation
page read and write
DB6000
unkown
page write copy
8D4000
heap
page read and write
4940000
heap
page read and write
F1F000
unkown
page execute and write copy
333E000
stack
page read and write
44FE000
stack
page read and write
E30000
direct allocation
page read and write
EBF000
unkown
page execute and write copy
FC4000
unkown
page execute and write copy
3C6E000
stack
page read and write
401F000
stack
page read and write
4B21000
heap
page read and write
3E3F000
stack
page read and write
4980000
direct allocation
page execute and read and write
4B01000
heap
page read and write
4AD1000
heap
page read and write
5B4000
heap
page read and write
1520000
heap
page read and write
450000
heap
page read and write
49AD000
trusted library allocation
page execute and read and write
4B21000
heap
page read and write
4B01000
heap
page read and write
4A10000
direct allocation
page execute and read and write
40BF000
stack
page read and write
8A0000
direct allocation
page read and write
4B21000
heap
page read and write
8A0000
direct allocation
page read and write
934000
heap
page read and write
C30000
unkown
page readonly
12C4000
heap
page read and write
4A00000
direct allocation
page execute and read and write
51F0000
trusted library allocation
page execute and read and write
5281000
heap
page read and write
4AD1000
heap
page read and write
4AD1000
heap
page read and write
72D000
stack
page read and write
5130000
direct allocation
page execute and read and write
5B4000
heap
page read and write
5B4000
heap
page read and write
5100000
direct allocation
page execute and read and write
744000
heap
page read and write
5281000
heap
page read and write
45FF000
stack
page read and write
C9B000
unkown
page execute and write copy
DB4000
heap
page read and write
30EF000
stack
page read and write
744000
heap
page read and write
8F6000
heap
page read and write
5380000
trusted library allocation
page read and write
4491000
heap
page read and write
744000
heap
page read and write
120E000
stack
page read and write
494000
heap
page read and write
4642000
heap
page read and write
4491000
heap
page read and write
D8E000
stack
page read and write
461F000
stack
page read and write
F3A000
unkown
page execute and read and write
5B4000
heap
page read and write
F1D000
unkown
page execute and write copy
12C4000
heap
page read and write
5B4000
heap
page read and write
4DE0000
direct allocation
page read and write
744000
heap
page read and write
1327000
heap
page read and write
F7D000
unkown
page execute and read and write
399F000
stack
page read and write
5270000
direct allocation
page read and write
8A0000
direct allocation
page read and write
5270000
direct allocation
page read and write
5B4000
heap
page read and write
5B4000
heap
page read and write
4491000
heap
page read and write
745000
heap
page read and write
3E7F000
stack
page read and write
4B01000
heap
page read and write
1D03F000
stack
page read and write
4890000
direct allocation
page execute and read and write
8D4000
heap
page read and write
8F6000
heap
page read and write
5560000
direct allocation
page execute and read and write
1D5A1000
heap
page read and write
934000
heap
page read and write
4491000
heap
page read and write
58AD000
stack
page read and write
397E000
stack
page read and write
1D17F000
stack
page read and write
4DE0000
direct allocation
page read and write
45BF000
stack
page read and write
B60000
direct allocation
page read and write
744000
heap
page read and write
DB4000
heap
page read and write
10B6000
unkown
page execute and read and write
43EE000
stack
page read and write
4AE5000
heap
page read and write
D4E000
stack
page read and write
920000
heap
page read and write
4AFF000
stack
page read and write
12C4000
heap
page read and write
12C4000
heap
page read and write
1D5BC000
heap
page read and write
C9B000
unkown
page execute and read and write
1D599000
heap
page read and write
744000
heap
page read and write
5250000
heap
page read and write
416E000
stack
page read and write
4F91000
heap
page read and write
E0B000
stack
page read and write
339E000
stack
page read and write
39BE000
stack
page read and write
416E000
stack
page read and write
3A1E000
stack
page read and write
12C4000
heap
page read and write
C31000
unkown
page execute and write copy
8CF000
heap
page read and write
8A0000
direct allocation
page read and write
ACD000
unkown
page execute and read and write
4B01000
heap
page read and write
4B25000
heap
page read and write
4B01000
heap
page read and write
4810000
direct allocation
page execute and read and write
8D4000
heap
page read and write
412F000
stack
page read and write
12C4000
heap
page read and write
4B21000
heap
page read and write
4B01000
heap
page read and write
5B4000
heap
page read and write
5270000
direct allocation
page read and write
322E000
stack
page read and write
53B3000
trusted library allocation
page execute and read and write
373E000
stack
page read and write
4AD1000
heap
page read and write
E30000
direct allocation
page read and write
5E7000
unkown
page execute and read and write
4AD1000
heap
page read and write
29EF000
stack
page read and write
FD9000
unkown
page execute and write copy
DB4000
heap
page read and write
DB4000
heap
page read and write
744000
heap
page read and write
DCE000
stack
page read and write
35AF000
stack
page read and write
744000
heap
page read and write
C92000
unkown
page execute and write copy
2E6E000
stack
page read and write
4F80000
direct allocation
page read and write
1CF3E000
stack
page read and write
4B21000
heap
page read and write
5B0000
heap
page read and write
1D59D000
heap
page read and write
E85000
unkown
page execute and read and write
E0F000
unkown
page execute and read and write
DC4000
unkown
page execute and write copy
EA2000
unkown
page execute and write copy
55AE000
stack
page read and write
EBF000
unkown
page execute and write copy
CA6000
unkown
page execute and read and write
34EE000
stack
page read and write
4491000
heap
page read and write
1D6AF000
stack
page read and write
5C0000
direct allocation
page read and write
23600000
trusted library allocation
page read and write
4491000
heap
page read and write
53D0000
direct allocation
page read and write
4491000
heap
page read and write
E81000
unkown
page execute and write copy
DB6000
unkown
page write copy
5281000
heap
page read and write
4AC0000
direct allocation
page read and write
4631000
heap
page read and write
5270000
direct allocation
page read and write
4F80000
direct allocation
page read and write
1045000
unkown
page execute and write copy
6800000
trusted library allocation
page read and write
1D5A1000
heap
page read and write
F3A000
unkown
page execute and write copy
4B01000
heap
page read and write
1D599000
heap
page read and write
5B4000
heap
page read and write
1CE9F000
stack
page read and write
DB4000
heap
page read and write
5B4000
heap
page read and write
F43000
unkown
page execute and write copy
909000
heap
page read and write
4DE0000
direct allocation
page read and write
FDC000
stack
page read and write
745000
heap
page read and write
F40000
unkown
page execute and read and write
5E35000
trusted library allocation
page read and write
934000
heap
page read and write
35BF000
stack
page read and write
12A0000
direct allocation
page read and write
FD1000
unkown
page execute and read and write
112F000
unkown
page execute and write copy
1D5B7000
heap
page read and write
734D000
heap
page read and write
2E2F000
stack
page read and write
DB0000
unkown
page read and write
4491000
heap
page read and write
17DE000
stack
page read and write
4990000
direct allocation
page execute and read and write
4A80000
direct allocation
page execute and read and write
6CB62000
unkown
page readonly
12C4000
heap
page read and write
43AF000
stack
page read and write
4B01000
heap
page read and write
83C000
unkown
page execute and read and write
4DE0000
direct allocation
page read and write
E63000
unkown
page execute and read and write
FB7000
unkown
page execute and read and write
179F000
stack
page read and write
DB4000
heap
page read and write
4AE0000
heap
page read and write
1D5BC000
heap
page read and write
4AD1000
heap
page read and write
413E000
stack
page read and write
E36000
unkown
page execute and read and write
FDD000
unkown
page execute and write copy
1054000
unkown
page execute and read and write
78E000
stack
page read and write
3A7F000
stack
page read and write
61ED3000
direct allocation
page read and write
EB7000
unkown
page execute and write copy
5B4000
heap
page read and write
67E000
unkown
page execute and read and write
3EAF000
stack
page read and write
460000
heap
page read and write
1D5A1000
heap
page read and write
4990000
direct allocation
page read and write
5B4000
heap
page read and write
1560000
heap
page read and write
1440000
heap
page read and write
FE5000
unkown
page execute and read and write
4AD1000
heap
page read and write
F34000
unkown
page execute and write copy
F20000
unkown
page execute and write copy
EA6000
unkown
page execute and read and write
4AD1000
heap
page read and write
F1E000
unkown
page execute and read and write
4F91000
heap
page read and write
3B2E000
stack
page read and write
4A60000
direct allocation
page execute and read and write
69F000
unkown
page execute and read and write
8A0000
direct allocation
page read and write
4491000
heap
page read and write
2CEF000
stack
page read and write
386F000
stack
page read and write
E19000
unkown
page execute and write copy
667E000
stack
page read and write
F44000
unkown
page execute and write copy
FCC000
unkown
page execute and write copy
D0C000
stack
page read and write
1270000
heap
page read and write
511E000
stack
page read and write
2E17000
heap
page read and write
4B01000
heap
page read and write
50E0000
direct allocation
page execute and read and write
5160000
direct allocation
page execute and read and write
1D593000
heap
page read and write
50E0000
direct allocation
page read and write
2E00000
direct allocation
page execute and read and write
744000
heap
page read and write
14CA000
heap
page read and write
4631000
heap
page read and write
744000
heap
page read and write
1D2CD000
stack
page read and write
4631000
heap
page read and write
397F000
stack
page read and write
FD1000
unkown
page execute and read and write
4A20000
direct allocation
page execute and read and write
5B4000
heap
page read and write
4AD1000
heap
page read and write
B60000
direct allocation
page read and write
4DE0000
direct allocation
page read and write
C77000
unkown
page execute and read and write
12A0000
direct allocation
page read and write
F2E000
unkown
page execute and read and write
1D5BC000
heap
page read and write
934000
heap
page read and write
DB0000
unkown
page readonly
43BE000
stack
page read and write
3D6F000
stack
page read and write
4B21000
heap
page read and write
744000
heap
page read and write
2377E000
stack
page read and write
4491000
heap
page read and write
734F000
heap
page read and write
58B0000
heap
page execute and read and write
47EF000
stack
page read and write
1CB2F000
stack
page read and write
437F000
stack
page read and write
F34000
unkown
page execute and write copy
376E000
stack
page read and write
513A000
trusted library allocation
page execute and read and write
4F91000
heap
page read and write
4B01000
heap
page read and write
ADD000
unkown
page execute and read and write
8D4000
heap
page read and write
4AD1000
heap
page read and write
49A0000
direct allocation
page execute and read and write
43B1000
heap
page read and write
DB4000
heap
page read and write
E8B000
unkown
page execute and read and write
67E000
unkown
page execute and read and write
4630000
heap
page read and write
30EE000
stack
page read and write
E26000
unkown
page execute and read and write
28D0000
direct allocation
page read and write
4B01000
heap
page read and write
4631000
heap
page read and write
EB4000
unkown
page execute and write copy
8D4000
heap
page read and write
E30000
direct allocation
page read and write
828000
unkown
page execute and read and write
1458000
heap
page read and write
494000
heap
page read and write
FC7000
unkown
page execute and write copy
744000
heap
page read and write
4AD1000
heap
page read and write
514B000
trusted library allocation
page execute and read and write
4AD1000
heap
page read and write
4631000
heap
page read and write
4B01000
heap
page read and write
393F000
stack
page read and write
744000
heap
page read and write
64C5000
trusted library allocation
page read and write
A9D000
unkown
page execute and read and write
5E11000
trusted library allocation
page read and write
465E000
stack
page read and write
8A0000
direct allocation
page read and write
5B4000
heap
page read and write
744000
heap
page read and write
744000
heap
page read and write
4C40000
direct allocation
page execute and read and write
1D5BC000
heap
page read and write
148F000
stack
page read and write
35BE000
stack
page read and write
5090000
trusted library allocation
page read and write
27BE000
stack
page read and write
1565000
heap
page read and write
301F000
stack
page read and write
4AD1000
heap
page read and write
1142000
unkown
page execute and read and write
4810000
direct allocation
page execute and read and write
1CC6F000
stack
page read and write
4AD1000
heap
page read and write
31FE000
stack
page read and write
2EAE000
stack
page read and write
1D5BA000
heap
page read and write
9C6000
unkown
page execute and read and write
69F000
unkown
page execute and read and write
4491000
heap
page read and write
DB4000
heap
page read and write
4F91000
heap
page read and write
F1B000
unkown
page execute and write copy
5EE000
stack
page read and write
3D2F000
stack
page read and write
3BBF000
stack
page read and write
5B4000
heap
page read and write
744000
heap
page read and write
3C5E000
stack
page read and write
3D6F000
stack
page read and write
1446000
heap
page read and write
5B4000
heap
page read and write
1D5BC000
heap
page read and write
4F80000
direct allocation
page read and write
10F4000
stack
page read and write
C92000
unkown
page execute and write copy
C9B000
unkown
page execute and read and write
3AEF000
stack
page read and write
473E000
stack
page read and write
4AD1000
heap
page read and write
E86000
unkown
page execute and write copy
31EF000
stack
page read and write
4FB6000
direct allocation
page read and write
934000
heap
page read and write
DBA000
unkown
page execute and write copy
4AD1000
heap
page read and write
312E000
stack
page read and write
F66000
unkown
page execute and read and write
45FE000
stack
page read and write
A8D000
unkown
page execute and read and write
1D5A0000
heap
page read and write
4491000
heap
page read and write
744000
heap
page read and write
744000
heap
page read and write
4AD1000
heap
page read and write
2DF0000
heap
page read and write
2387F000
stack
page read and write
E30000
direct allocation
page read and write
42AE000
stack
page read and write
744000
heap
page read and write
1D587000
heap
page read and write
54A1000
trusted library allocation
page read and write
1D03E000
stack
page read and write
E4E000
unkown
page execute and write copy
3EAF000
stack
page read and write
DC6000
unkown
page execute and write copy
8D4000
heap
page read and write
2D6E000
stack
page read and write
4F80000
direct allocation
page read and write
307F000
stack
page read and write
5270000
direct allocation
page read and write
744000
heap
page read and write
744000
heap
page read and write
10FD000
stack
page read and write
3ABF000
stack
page read and write
8E8000
heap
page read and write
3D9F000
stack
page read and write
4AD1000
heap
page read and write
744000
heap
page read and write
5B4000
heap
page read and write
4491000
heap
page read and write
1033000
unkown
page execute and write copy
5B4000
heap
page read and write
8D4000
heap
page read and write
1330000
heap
page read and write
4491000
heap
page read and write
5281000
heap
page read and write
DCE000
stack
page read and write
301F000
stack
page read and write
2BAF000
stack
page read and write
36BF000
stack
page read and write
DB0000
heap
page read and write
3D3E000
stack
page read and write
4631000
heap
page read and write
F2B000
unkown
page execute and write copy
744000
heap
page read and write
1CE3D000
stack
page read and write
744000
heap
page read and write
4B21000
heap
page read and write
4830000
direct allocation
page read and write
DB4000
heap
page read and write
336E000
stack
page read and write
12C4000
heap
page read and write
415F000
stack
page read and write
4AD1000
heap
page read and write
34AE000
stack
page read and write
744000
heap
page read and write
1D5BC000
heap
page read and write
5B4000
heap
page read and write
1D17E000
stack
page read and write
49BE000
stack
page read and write
4631000
heap
page read and write
335F000
stack
page read and write
4491000
heap
page read and write
28D0000
direct allocation
page read and write
5FE000
heap
page read and write
FB8000
unkown
page execute and write copy
3E3F000
stack
page read and write
8D4000
heap
page read and write
15AE000
stack
page read and write
DB4000
heap
page read and write
DC6000
unkown
page execute and write copy
744000
heap
page read and write
986000
unkown
page execute and read and write
C31000
unkown
page execute and write copy
39DF000
stack
page read and write
1190000
direct allocation
page read and write
4AD1000
heap
page read and write
4B01000
heap
page read and write
1056000
unkown
page execute and write copy
2AEF000
stack
page read and write
50E0000
direct allocation
page read and write
4AD1000
heap
page read and write
4841000
heap
page read and write
DB4000
heap
page read and write
12C4000
heap
page read and write
4B01000
heap
page read and write
4830000
direct allocation
page read and write
4C00000
direct allocation
page execute and read and write
433F000
stack
page read and write
4491000
heap
page read and write
8D4000
heap
page read and write
F3A000
unkown
page execute and write copy
1029000
unkown
page execute and read and write
1D572000
heap
page read and write
4AD1000
heap
page read and write
744000
heap
page read and write
1CDE0000
heap
page read and write
4AC0000
direct allocation
page read and write
4B01000
heap
page read and write
42AE000
stack
page read and write
FB0000
unkown
page execute and read and write
4AC0000
direct allocation
page read and write
F8F000
unkown
page execute and write copy
383F000
stack
page read and write
C77000
unkown
page execute and read and write