IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1005772001\3cb3eea49a.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1005773001\c41846ccfb.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsGHIJJEGDBF.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AAEHIDAKECFIEBGDHJEB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\AECAECFCAAEBFHIEHDGH
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\AECAKECAEGDHIECBGHIIIIEGHD
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DHDAFBFC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\GDHIEHJEBAAFIDHJEBGIEBFIJK
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\GIEGHJEGHJKFIEBFHJKK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\JKECFCFB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0444cdac-22e7-4ae6-bae4-b59022fdfce5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\23f4be6a-d80a-4001-bc55-a135ea88af67.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\30f9de70-6eb1-441f-9017-5edf07fdb123.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5cedbfd8-6a49-46f0-833e-b4f5ade43cab.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\1c353406-5bfe-4242-ab5a-53ff048cf7ce.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67337D4B-1F40.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4c91ac9c-b7d8-41cb-b199-825276e8fe15.tmp
ASCII text, with very long lines (16770), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\579d2881-eb91-4b90-a207-d69efabf8ad3.tmp
ASCII text, with very long lines (17363), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7147e3df-c0dc-4629-a293-c06e56bf352d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8ced86e8-ca22-4f76-b374-3d5560351142.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
"compact bitmap" format (Poskanzer)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1340dcc6-a033-4d5e-9fcf-c9929acadfb6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\47a09b8c-db30-469c-956e-db9b7ae26539.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4ffff4ed-d8a0-4743-81a2-7be6b117738b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5f6fc0dd-6049-4006-8cf1-780c35b4dd41.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4d1a4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c66e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3d3fb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF544d0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a274c827-5989-43fa-a7e0-b5e1eeb35f6d.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d7647b9f-982c-400e-8d97-30ff072bfbd8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dcb5d212-8fce-4b7f-bc05-2cd35fe3a0a9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF409d0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43f09.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF469d2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4c62b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4243d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43bad.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375901262793525
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4458fd42-50b7-4f39-bf71-6d5af28b4da8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5745b3d9-cab0-47ac-bdb9-445d2df0535f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6bde0530-b747-48e7-b128-7744920398b8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3d3fb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF544d0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d4adfaa0-52e0-4b7c-b071-4068ea037fe3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e5a22ae7-245f-4df6-9cff-2af92089bf50.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a7b0840b-b9f0-406d-9953-aa877c1ca500.tmp
ASCII text, with very long lines (17528), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ad7f6e1c-50a8-49e6-a749-ae16c6786772.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b4bba07d-ee81-4927-9a2a-2561dd8346b9.tmp
ASCII text, with very long lines (17527), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b51dbfd9-926f-4465-a0d1-f77d8d17a5ee.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e4e79375-15b0-4543-babc-702a734d1880.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f892d6a9-b193-445e-a814-18dd632873d0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b382.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b392.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b518.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3dbea.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4128a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4c5ec.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF52189.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bd503359-c616-4b7c-95f0-617b09b8f4a7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c359c9c3-4ee8-4db5-8dce-06700fb000be.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ca0f961b-6d9e-4fb3-bd0c-355403d0a773.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e7527a3b-08a5-487a-8037-985cbddc749b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\21360134-6a2d-42e3-8b89-1c4a54237bca.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\3a650383-8f62-4d7a-9c8a-99a25aed3e78.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\5d5d22cd-379d-46f3-9e64-da3ddd678841.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\75fe5522-600c-428f-9ee3-db991e5d3a10.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\9214e0d8-dd72-40d7-acea-14ed117d4bfa.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\b3fc4cef-ac56-4048-a88c-b2bd9fde2ad6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\b669af20-e995-40b5-95be-2b6f7d23dbf7.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_354072984\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_354072984\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_354072984\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_354072984\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_354072984\b3fc4cef-ac56-4048-a88c-b2bd9fde2ad6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\75fe5522-600c-428f-9ee3-db991e5d3a10.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8000_998475271\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 471
ASCII text, with very long lines (4181)
downloaded
Chrome Cache Entry: 472
ASCII text
downloaded
Chrome Cache Entry: 473
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 474
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 475
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 476
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 477
SVG Scalable Vector Graphics image
downloaded
There are 288 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2524,i,9816825700669326211,7744358468109525657,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2228,i,9693784177863830162,11049134398304697985,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6644 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6812 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7440 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7440 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:8
malicious
C:\Users\user\DocumentsGHIJJEGDBF.exe
"C:\Users\user\DocumentsGHIJJEGDBF.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6936 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\1005772001\3cb3eea49a.exe
"C:\Users\user\AppData\Local\Temp\1005772001\3cb3eea49a.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,12618445916723841129,14991964039752056864,262144 /prefetch:3
malicious
C:\Users\user\AppData\Local\Temp\1005773001\c41846ccfb.exe
"C:\Users\user\AppData\Local\Temp\1005773001\c41846ccfb.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGHIJJEGDBF.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 11 hidden processes, click here to show them.

URLs

Name
IP
Malicious
thicktoys.sbs
malicious
faintbl0w.sbs
malicious
3xc1aimbl0w.sbs
malicious
300snails.sbs
malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
https://fleez-inc.sbs/apiata%
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://ntp.msn.com/0
unknown
http://185.215.113.206/c4becf79229cb002.php3x
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
http://185.215.113.206/c4becf79229cb002.phpltHOMEDRIVE=C:HO
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://fleez-inc.sbs/apiR9pg
unknown
https://aefd.nelreports.net/api/report?cat=bingcsp
unknown
https://fleez-inc.sbs/-
unknown
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://fleez-inc.sbs/
unknown
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.185.132
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://185.215.113.16/steam/random.exe6139
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
http://185.215.113.16/luma/random.exe6
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0
unknown
http://ocsp.rootca1.amazontrust.com0:
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://sb.scorecardresearch.com/b2?rn=1731427672060&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3396E73AB3A068C604AEF20FB2F769BB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
108.156.211.59
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
https://plus.google.com
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731427675454&w=0&anoncknm=app_anon&NoResponseBody=true
13.70.79.200
https://play.google.com/log?format=json&hasfast=true
142.250.185.110
http://185.215.113.206/c4becf79229cb002.php9
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
142.250.186.78
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://chromewebstore.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731427675164&w=0&anoncknm=app_anon&NoResponseBody=true
13.70.79.200
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
http://185.215.113.206/c4becf79229cb002.phpM
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx
142.250.184.225
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://fleez-inc.sbs:443/api
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
https://clients6.google.com
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
http://185.215.113.43/Zu7JuNko/index.php;(
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731427672058&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
13.70.79.200
https://c.msn.com/c.gif?rnd=1731427672060&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=456cae4d87b64b2da7cf8c972fa982c5&activityId=456cae4d87b64b2da7cf8c972fa982c5&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=979A5BD9CF9646E4BEFD6D50889CD033&MUID=3396E73AB3A068C604AEF20FB2F769BB
20.125.209.212
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
fleez-inc.sbs
104.21.0.123
 malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.186.78
play.google.com
142.250.185.110
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.245.60.72
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.185.132
googlehosted.l.googleusercontent.com
142.250.184.225
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 7 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
104.21.0.123
fleez-inc.sbs
United States
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
18.245.60.72
sb.scorecardresearch.com
United States
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
20.125.209.212
unknown
United States
142.250.184.225
googlehosted.l.googleusercontent.com
United States
23.198.7.168
unknown
United States
23.218.232.182
unknown
United States
23.47.50.173
unknown
United States
108.156.211.59
unknown
United States
142.250.186.78
plus.l.google.com
United States
142.250.185.110
play.google.com
United States
185.215.113.16
unknown
Portugal
13.70.79.200
unknown
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown
172.64.41.3
chrome.cloudflare-dns.com
United States
13.107.246.57
unknown
United States
131.253.33.219
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
142.250.185.132
www.google.com
United States
23.221.22.213
unknown
United States
23.101.168.44
unknown
United States
There are 15 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3cb3eea49a.exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197586
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197586
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197586
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197586
WindowTabManagerFileMappingId
There are 136 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
8D1000
unkown
page execute and read and write
 malicious
CC1000
unkown
page execute and read and write
 malicious
671000
unkown
page execute and read and write
 malicious
4C20000
direct allocation
page read and write
 malicious
CC1000
unkown
page execute and read and write
 malicious
CC1000
unkown
page execute and read and write
 malicious
EE8000
heap
page read and write
 malicious
281000
unkown
page execute and read and write
 malicious
A30000
heap
page read and write
1D29C000
heap
page read and write
8C0000
direct allocation
page read and write
47A1000
heap
page read and write
481F000
stack
page read and write
5500000
direct allocation
page execute and read and write
61E01000
direct allocation
page execute read
ADE000
unkown
page execute and write copy
A40000
direct allocation
page read and write
2AA0000
direct allocation
page read and write
FCF000
unkown
page execute and write copy
4671000
heap
page read and write
5650000
trusted library allocation
page read and write
54AE000
stack
page read and write
32EE000
stack
page read and write
670000
unkown
page readonly
ED4000
heap
page read and write
6D2000
unkown
page execute and read and write
316E000
stack
page read and write
105B000
stack
page read and write
381E000
stack
page read and write
4671000
heap
page read and write
56E6000
trusted library allocation
page read and write
804000
heap
page read and write
1CBDE000
stack
page read and write
A64000
heap
page read and write
4671000
heap
page read and write
2AD7000
heap
page read and write
4671000
heap
page read and write
9CE000
stack
page read and write
120F000
stack
page read and write
FCF000
unkown
page execute and write copy
ED4000
heap
page read and write
BAD000
unkown
page execute and write copy
4CB0000
direct allocation
page execute and read and write
331F000
stack
page read and write
D2B000
unkown
page execute and write copy
A82000
unkown
page execute and read and write
2C80000
heap
page read and write
6DC000
unkown
page execute and read and write
F1B000
heap
page read and write
5F40000
heap
page read and write
F15000
heap
page read and write
EB6000
unkown
page execute and read and write
1D277000
heap
page read and write
232E0000
trusted library allocation
page read and write
64C0000
trusted library allocation
page read and write
10E2000
heap
page read and write
4671000
heap
page read and write
1D281000
heap
page read and write
757000
unkown
page execute and read and write
990000
direct allocation
page read and write
59B0000
heap
page read and write
47A1000
heap
page read and write
56AD000
trusted library allocation
page read and write
4BE0000
trusted library allocation
page read and write
1108000
heap
page read and write
ED4000
heap
page read and write
F2A000
unkown
page execute and read and write
E91000
heap
page read and write
FBE000
unkown
page execute and write copy
2B9F000
stack
page read and write
4E60000
direct allocation
page read and write
435F000
stack
page read and write
990000
direct allocation
page read and write
4CB0000
direct allocation
page execute and read and write
5665000
trusted library allocation
page read and write
A64000
heap
page read and write
1D27D000
heap
page read and write
ED4000
heap
page read and write
10BE000
stack
page read and write
1D281000
heap
page read and write
EC5000
unkown
page execute and write copy
384F000
stack
page read and write
115D000
heap
page read and write
5F46000
heap
page read and write
13D0000
heap
page read and write
990000
direct allocation
page read and write
A0E000
stack
page read and write
398F000
stack
page read and write
1D29C000
heap
page read and write
1D29C000
heap
page read and write
F03000
unkown
page execute and write copy
47A1000
heap
page read and write
5660000
trusted library allocation
page read and write
1077000
heap
page read and write
5662000
trusted library allocation
page read and write
ED0000
heap
page read and write
EA1000
unkown
page execute and write copy
A64000
heap
page read and write
990000
direct allocation
page read and write
5650000
trusted library allocation
page read and write
4A70000
direct allocation
page execute and read and write
D22000
unkown
page execute and read and write
5668000
trusted library allocation
page read and write
355F000
stack
page read and write
4E5F000
stack
page read and write
5460000
direct allocation
page execute and read and write
F42000
unkown
page execute and read and write
1D276000
heap
page read and write
F08000
unkown
page execute and read and write
136D000
stack
page read and write
AAF000
unkown
page execute and write copy
38DE000
stack
page read and write
ED4000
heap
page read and write
109E000
heap
page read and write
804000
heap
page read and write
5F0000
heap
page read and write
342E000
stack
page read and write
23349000
heap
page read and write
4671000
heap
page read and write
47A1000
heap
page read and write
1D29C000
heap
page read and write
926000
unkown
page execute and read and write
6CD65000
unkown
page readonly
A64000
heap
page read and write
ED4000
heap
page read and write
4AC0000
direct allocation
page execute and read and write
8B8000
unkown
page execute and read and write
491000
unkown
page execute and write copy
F5E000
unkown
page execute and write copy
36DE000
stack
page read and write
8A1000
unkown
page execute and read and write
866000
unkown
page execute and read and write
F1E000
heap
page read and write
C6E000
stack
page read and write
804000
heap
page read and write
47A1000
heap
page read and write
56B2000
trusted library allocation
page read and write
2D8F000
stack
page read and write
4AA0000
direct allocation
page execute and read and write
FCE000
unkown
page execute and write copy
EB6000
unkown
page execute and read and write
97E000
unkown
page execute and write copy
A64000
heap
page read and write
6FD000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
56A9000
trusted library allocation
page read and write
431F000
stack
page read and write
2AAF000
stack
page read and write
5662000
trusted library allocation
page read and write
FA8000
unkown
page execute and write copy
ED4000
heap
page read and write
302E000
stack
page read and write
DD0000
heap
page read and write
2F8F000
stack
page read and write
8BFC000
stack
page read and write
424F000
stack
page read and write
E24000
heap
page read and write
3FC000
stack
page read and write
B41000
unkown
page execute and write copy
A64000
heap
page read and write
30CF000
stack
page read and write
FBE000
unkown
page execute and write copy
381E000
stack
page read and write
4671000
heap
page read and write
4D70000
direct allocation
page execute and read and write
544F000
stack
page read and write
10F0000
heap
page read and write
3C9E000
stack
page read and write
ED5000
heap
page read and write
54C0000
direct allocation
page execute and read and write
4C40000
direct allocation
page execute and read and write
5644000
trusted library allocation
page read and write
112F000
heap
page read and write
B45000
unkown
page execute and write copy
ED4000
heap
page read and write
46C0000
heap
page read and write
76E000
unkown
page execute and write copy
D36000
unkown
page execute and read and write
47A1000
heap
page read and write
E24000
heap
page read and write
E24000
heap
page read and write
1158000
heap
page read and write
ECE000
stack
page read and write
17EF000
stack
page read and write
56A6000
trusted library allocation
page read and write
4671000
heap
page read and write
ED4000
heap
page read and write
BE4000
heap
page read and write
568F000
trusted library allocation
page read and write
F39000
unkown
page execute and read and write
96C000
unkown
page execute and read and write
144E000
stack
page read and write
ED4000
heap
page read and write
490000
unkown
page readonly
5645000
trusted library allocation
page read and write
314E000
stack
page read and write
890000
heap
page read and write
359E000
stack
page read and write
90B000
unkown
page execute and write copy
5648000
trusted library allocation
page read and write
4E60000
direct allocation
page read and write
2A9E000
stack
page read and write
4D10000
direct allocation
page execute and read and write
374E000
stack
page read and write
A40000
direct allocation
page read and write
10C0000
heap
page read and write
1D281000
heap
page read and write
1158000
heap
page read and write
B42000
unkown
page execute and read and write
1CCDF000
stack
page read and write
2CAE000
stack
page read and write
CF2000
stack
page read and write
5675000
trusted library allocation
page read and write
2374A000
heap
page read and write
51C000
stack
page read and write
E8E000
unkown
page execute and write copy
7450000
heap
page read and write
2AC0000
direct allocation
page read and write
4E50000
heap
page read and write
2AA0000
direct allocation
page read and write
546D000
stack
page read and write
E8C000
unkown
page execute and read and write
47A1000
heap
page read and write
4CC0000
direct allocation
page execute and read and write
A40000
direct allocation
page read and write
4D54000
trusted library allocation
page read and write
ED4000
heap
page read and write
56AB000
trusted library allocation
page read and write
8B9000
unkown
page execute and write copy
1D29C000
heap
page read and write
3BDF000
stack
page read and write
4701000
heap
page read and write
630E000
stack
page read and write
4C60000
direct allocation
page execute and read and write
3B6E000
stack
page read and write
1D267000
heap
page read and write
3F9E000
stack
page read and write
97E000
unkown
page execute and read and write
47A1000
heap
page read and write
58BC000
trusted library allocation
page read and write
ED4000
heap
page read and write
1D297000
heap
page read and write
8C0000
direct allocation
page read and write
ED4000
heap
page read and write
56B5000
trusted library allocation
page read and write
A64000
heap
page read and write
1D263000
heap
page read and write
507F000
stack
page read and write
5677000
trusted library allocation
page read and write
76D000
unkown
page execute and read and write
912000
unkown
page execute and read and write
23357000
heap
page read and write
BA9000
unkown
page execute and write copy
ED4000
heap
page read and write
4B90000
direct allocation
page read and write
4B8000
unkown
page execute and read and write
EA9000
unkown
page execute and write copy
534E000
stack
page read and write
ED4000
heap
page read and write
4671000
heap
page read and write
967000
unkown
page execute and read and write
ED4000
heap
page read and write
EB4000
heap
page read and write
23321000
heap
page read and write
4B10000
direct allocation
page execute and read and write
10DF000
heap
page read and write
351E000
stack
page read and write
56C5000
trusted library allocation
page read and write
233CC000
heap
page read and write
47A1000
heap
page read and write
A40000
direct allocation
page read and write
4671000
heap
page read and write
F10000
unkown
page execute and read and write
51CF000
stack
page read and write
4671000
heap
page read and write
4D80000
direct allocation
page execute and read and write
3B9F000
stack
page read and write
23300000
heap
page read and write
ED4000
heap
page read and write
98E000
stack
page read and write
39CE000
stack
page read and write
FAA000
unkown
page execute and write copy
3CDF000
stack
page read and write
ED4000
heap
page read and write
5689000
trusted library allocation
page read and write
5673000
trusted library allocation
page read and write
F5F000
unkown
page execute and read and write
325F000
stack
page read and write
5684000
trusted library allocation
page read and write
566B000
trusted library allocation
page read and write
4671000
heap
page read and write
2373D000
heap
page read and write
ED4000
heap
page read and write
9BB000
heap
page read and write
41AE000
stack
page read and write
5657000
trusted library allocation
page read and write
369F000
stack
page read and write
569A000
trusted library allocation
page read and write
4671000
heap
page read and write
400E000
stack
page read and write
4671000
heap
page read and write
E68000
heap
page read and write
46B1000
heap
page read and write
1D276000
heap
page read and write
4671000
heap
page read and write
4F7E000
stack
page read and write
449E000
stack
page read and write
460000
heap
page read and write
4C50000
direct allocation
page execute and read and write
804000
heap
page read and write
4671000
heap
page read and write
640F000
stack
page read and write
1D281000
heap
page read and write
5706000
trusted library allocation
page read and write
B1A000
unkown
page execute and read and write
ED5000
heap
page read and write
95A000
unkown
page execute and write copy
CC0000
unkown
page read and write
4671000
heap
page read and write
2EEF000
stack
page read and write
CC0000
unkown
page readonly
45DE000
stack
page read and write
ED4000
heap
page read and write
EE6000
unkown
page execute and write copy
ED4000
heap
page read and write
4891000
heap
page read and write
3EDE000
stack
page read and write
D29000
unkown
page write copy
75F000
unkown
page execute and read and write
568D000
trusted library allocation
page read and write
A64000
heap
page read and write
ED4000
heap
page read and write
B2D000
unkown
page execute and read and write
F84000
heap
page read and write
D2B000
unkown
page execute and read and write
A64000
heap
page read and write
2A2F000
stack
page read and write
4AF0000
trusted library allocation
page read and write
2C6E000
stack
page read and write
F28000
unkown
page execute and write copy
A64000
heap
page read and write
6E5000
unkown
page execute and write copy
281E000
stack
page read and write
419E000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
4CC000
unkown
page execute and read and write
ED4000
heap
page read and write
97D000
unkown
page execute and write copy
6DDC000
heap
page read and write
1010000
heap
page read and write
47A1000
heap
page read and write
FB9000
unkown
page execute and write copy
EC5000
unkown
page execute and write copy
4671000
heap
page read and write
56A0000
trusted library allocation
page read and write
2AA0000
direct allocation
page read and write
4D1D000
stack
page read and write
ED4000
heap
page read and write
A64000
heap
page read and write
A64000
heap
page read and write
56A6000
trusted library allocation
page read and write
FAA000
unkown
page execute and write copy
670000
unkown
page read and write
1D281000
heap
page read and write
EB5000
unkown
page execute and write copy
1D29C000
heap
page read and write
11BB000
heap
page read and write
28FE000
stack
page read and write
BB8000
unkown
page execute and write copy
352E000
stack
page read and write
CC0000
unkown
page readonly
47A1000
heap
page read and write
301E000
stack
page read and write
5642000
trusted library allocation
page read and write
F17000
unkown
page execute and write copy
2341D000
stack
page read and write
2359E000
stack
page read and write
EA9000
unkown
page execute and read and write
567C000
trusted library allocation
page read and write
47A1000
heap
page read and write
5657000
trusted library allocation
page read and write
F35000
unkown
page execute and write copy
4E60000
direct allocation
page read and write
804000
heap
page read and write
ED4000
heap
page read and write
2AA0000
direct allocation
page read and write
852000
unkown
page execute and read and write
5661000
trusted library allocation
page read and write
ED4000
heap
page read and write
1495000
heap
page read and write
47A1000
heap
page read and write
2F5F000
stack
page read and write
ED4000
heap
page read and write
414E000
stack
page read and write
8CB000
unkown
page execute and read and write
BD0000
heap
page read and write
236A0000
trusted library allocation
page read and write
4671000
heap
page read and write
A40000
direct allocation
page read and write
1060000
direct allocation
page read and write
1060000
direct allocation
page read and write
31DE000
stack
page read and write
851000
unkown
page execute and write copy
4B30000
direct allocation
page read and write
11AB000
stack
page read and write
126C000
stack
page read and write
1CE1F000
stack
page read and write
D2B000
unkown
page execute and read and write
4CCF000
stack
page read and write
F10000
unkown
page execute and read and write
13E0000
heap
page read and write
5698000
trusted library allocation
page read and write
A64000
heap
page read and write
7360000
heap
page read and write
471E000
stack
page read and write
112F000
heap
page read and write
4671000
heap
page read and write
5653000
trusted library allocation
page read and write
990000
direct allocation
page read and write
A64000
heap
page read and write
4671000
heap
page read and write
2AA0000
direct allocation
page read and write
A64000
heap
page read and write
B0D000
unkown
page execute and write copy
E24000
heap
page read and write
1D29C000
heap
page read and write
1497000
heap
page read and write
5684000
trusted library allocation
page read and write
EFD000
heap
page read and write
ED4000
heap
page read and write
5641000
trusted library allocation
page read and write
ED4000
heap
page read and write
AF2000
unkown
page execute and read and write
4DB0000
direct allocation
page execute and read and write
ED4000
heap
page read and write
61E00000
direct allocation
page execute and read and write
4DA0000
direct allocation
page execute and read and write
4700000
heap
page read and write
3EEF000
stack
page read and write
8C0000
direct allocation
page read and write
BC0000
direct allocation
page read and write
466F000
stack
page read and write
99C000
stack
page read and write
4BDF000
stack
page read and write
4701000
heap
page read and write
F08000
heap
page read and write
F09000
unkown
page execute and write copy
568B000
trusted library allocation
page read and write
308F000
stack
page read and write
969000
unkown
page execute and write copy
1D279000
heap
page read and write
56A5000
trusted library allocation
page read and write
BC0000
unkown
page execute and write copy
859000
unkown
page execute and write copy
B19000
unkown
page execute and read and write
6D9000
unkown
page write copy
2DAF000
stack
page read and write
F03000
unkown
page execute and write copy
6D9000
unkown
page write copy
5674000
trusted library allocation
page read and write
568D000
trusted library allocation
page read and write
46B1000
heap
page read and write
2697000
heap
page read and write
4E54000
heap
page read and write
AC9000
unkown
page execute and read and write
ED4000
heap
page read and write
56B6000
trusted library allocation
page read and write
6DC0000
heap
page read and write
36DE000
stack
page read and write
5310000
direct allocation
page read and write
CC1000
unkown
page execute and write copy
2374B000
heap
page read and write
1D267000
heap
page read and write
1D277000
heap
page read and write
6CD5E000
unkown
page read and write
4E60000
direct allocation
page read and write
2334E000
heap
page read and write
311F000
stack
page read and write
FB9000
unkown
page execute and write copy
4671000
heap
page read and write
335000
unkown
page execute and read and write
BD1000
unkown
page execute and write copy
EA1000
unkown
page execute and write copy
2E9F000
stack
page read and write
5692000
trusted library allocation
page read and write
D2B000
unkown
page execute and read and write
23344000
heap
page read and write
3157000
heap
page read and write
ED4000
heap
page read and write
4E60000
direct allocation
page read and write
850000
heap
page read and write
56AB000
trusted library allocation
page read and write
D29000
unkown
page write copy
90E000
unkown
page execute and write copy
1151000
heap
page read and write
567B000
trusted library allocation
page read and write
1060000
direct allocation
page read and write
A64000
heap
page read and write
117A000
heap
page read and write
FB8000
unkown
page execute and read and write
1060000
direct allocation
page read and write
295E000
stack
page read and write
47A1000
heap
page read and write
47A1000
heap
page read and write
8C8B000
heap
page read and write
A40000
direct allocation
page read and write
62CF000
stack
page read and write
ED4000
heap
page read and write
293E000
stack
page read and write
5656000
trusted library allocation
page read and write
5690000
trusted library allocation
page read and write
46DF000
stack
page read and write
E6E000
stack
page read and write
2680000
direct allocation
page read and write
3BDE000
stack
page read and write
567F000
trusted library allocation
page read and write
4D10000
direct allocation
page execute and read and write
6E7000
unkown
page execute and write copy
4A90000
direct allocation
page execute and read and write
E24000
heap
page read and write
56CD000
trusted library allocation
page read and write
2980000
direct allocation
page execute and read and write
359F000
stack
page read and write
3F9E000
stack
page read and write
3BAE000
stack
page read and write
5644000
trusted library allocation
page read and write
366E000
stack
page read and write
ED4000
heap
page read and write
1490000
heap
page read and write
2ADB000
heap
page read and write
4671000
heap
page read and write
6DB000
unkown
page execute and write copy
469E000
stack
page read and write
CF7000
stack
page read and write
6CB6E000
unkown
page read and write
2B7000
unkown
page execute and read and write
5784000
trusted library allocation
page read and write
4C6F000
stack
page read and write
362F000
stack
page read and write
4671000
heap
page read and write
BD0000
unkown
page execute and write copy
534F000
stack
page read and write
E24000
heap
page read and write
5310000
direct allocation
page read and write
2C5E000
stack
page read and write
F46000
unkown
page execute and write copy
4B00000
direct allocation
page execute and read and write
4A90000
direct allocation
page execute and read and write
290E000
stack
page read and write
5480000
direct allocation
page execute and read and write
ED4000
heap
page read and write
44A1000
heap
page read and write
F8B000
unkown
page execute and read and write
E24000
heap
page read and write
4671000
heap
page read and write
3F2E000
stack
page read and write
1D280000
heap
page read and write
2B6E000
stack
page read and write
23342000
heap
page read and write
40DF000
stack
page read and write
4671000
heap
page read and write
3A5F000
stack
page read and write
4B30000
direct allocation
page execute and read and write
456E000
stack
page read and write
2DAF000
stack
page read and write
B23000
unkown
page execute and read and write
439E000
stack
page read and write
ED4000
heap
page read and write
1D281000
heap
page read and write
47A1000
heap
page read and write
3D5E000
stack
page read and write
47A1000
heap
page read and write
4671000
heap
page read and write
EE6000
unkown
page execute and write copy
4671000
heap
page read and write
502B000
trusted library allocation
page read and write
E24000
heap
page read and write
ED4000
heap
page read and write
5672000
trusted library allocation
page read and write
ED4000
heap
page read and write
524E000
stack
page read and write
EF1000
unkown
page execute and read and write
8F5000
unkown
page execute and read and write
4671000
heap
page read and write
2A28B000
stack
page read and write
5651000
trusted library allocation
page read and write
1D26B000
heap
page read and write
568A000
trusted library allocation
page read and write
316F000
stack
page read and write
ED4000
heap
page read and write
CC0000
unkown
page readonly
EC7000
unkown
page execute and read and write
ED4000
heap
page read and write
4671000
heap
page read and write
1090000
heap
page read and write
A64000
heap
page read and write
3E7000
unkown
page execute and read and write
4A9F000
stack
page read and write
8C0000
unkown
page execute and read and write
371E000
stack
page read and write
5670000
trusted library allocation
page read and write
90F000
unkown
page execute and read and write
ED4000
heap
page read and write
47A1000
heap
page read and write
1D277000
heap
page read and write
5675000
trusted library allocation
page read and write
8E9000
unkown
page execute and read and write
D22000
unkown
page execute and read and write
4690000
heap
page read and write
A40000
direct allocation
page read and write
F8F000
heap
page read and write
4671000
heap
page read and write
1060000
direct allocation
page read and write
ED4000
heap
page read and write
564A000
trusted library allocation
page read and write
1497000
heap
page read and write
B43000
unkown
page execute and write copy
6CC9000
heap
page read and write
37DF000
stack
page read and write
E24000
heap
page read and write
D29000
unkown
page write copy
4CF0000
direct allocation
page execute and read and write
F08000
unkown
page execute and read and write
388E000
stack
page read and write
A64000
heap
page read and write
54A0000
direct allocation
page execute and read and write
1D280000
heap
page read and write
51E0000
remote allocation
page read and write
F39000
unkown
page execute and read and write
4D30000
direct allocation
page execute and read and write
56D2000
trusted library allocation
page read and write
6DDB000
heap
page read and write
E24000
heap
page read and write
4D30000
direct allocation
page execute and read and write
8B3000
unkown
page execute and write copy
F43000
unkown
page execute and write copy
47A1000
heap
page read and write
ED4000
heap
page read and write
1150000
heap
page read and write
CFA000
stack
page read and write
1D29C000
heap
page read and write
D35000
unkown
page execute and write copy
389F000
stack
page read and write
F5F000
unkown
page execute and read and write
4D60000
heap
page read and write
E8E000
unkown
page execute and write copy
115D000
heap
page read and write
2A57000
heap
page read and write
F1B000
unkown
page execute and read and write
E8E000
unkown
page execute and write copy
4D10000
direct allocation
page execute and read and write
4671000
heap
page read and write
5753000
trusted library allocation
page read and write
3E9E000
stack
page read and write
EA5000
heap
page read and write
552E000
stack
page read and write
FCE000
unkown
page execute and write copy
BB9000
unkown
page execute and read and write
A64000
heap
page read and write
421E000
stack
page read and write
4D60000
direct allocation
page execute and read and write
3A2F000
stack
page read and write
3B0E000
stack
page read and write
8F6000
unkown
page execute and write copy
ED4000
heap
page read and write
A64000
heap
page read and write
1D263000
heap
page read and write
ED4000
heap
page read and write
ED4000
heap
page read and write
990000
direct allocation
page read and write
AD3000
unkown
page execute and read and write
1060000
direct allocation
page read and write
233E0000
trusted library allocation
page read and write
CDB000
stack
page read and write
3DAF000
stack
page read and write
366F000
stack
page read and write
5490000
direct allocation
page execute and read and write
1164000
heap
page read and write
3A2E000
stack
page read and write
E24000
heap
page read and write
4E60000
direct allocation
page read and write
47A1000
heap
page read and write
5677000
trusted library allocation
page read and write
490000
unkown
page readonly
8E5000
unkown
page execute and write copy
4671000
heap
page read and write
8C0000
direct allocation
page read and write
804000
heap
page read and write
4670000
heap
page read and write
600000
heap
page read and write
1D263000
heap
page read and write
ED4000
heap
page read and write
A40000
direct allocation
page read and write
F29000
heap
page read and write
F04000
heap
page read and write
AD2000
unkown
page execute and write copy
44B0000
heap
page read and write
4671000
heap
page read and write
117D000
heap
page read and write
ED4000
heap
page read and write
4671000
heap
page read and write
4701000
heap
page read and write
BE0000
heap
page read and write
329E000
stack
page read and write
4ADE000
stack
page read and write
47A1000
heap
page read and write
8DA000
unkown
page execute and read and write
502D000
trusted library allocation
page read and write
3A9E000
stack
page read and write
4F8E000
stack
page read and write
567E000
trusted library allocation
page read and write
1D26B000
heap
page read and write
EB0000
heap
page read and write
F5E000
unkown
page execute and write copy
2AD0000
heap
page read and write
ED4000
heap
page read and write
59AC000
stack
page read and write
345F000
stack
page read and write
FBC000
unkown
page execute and read and write
F10000
unkown
page execute and read and write
4CC0000
direct allocation
page execute and read and write
120E000
heap
page read and write
4D00000
direct allocation
page execute and read and write
ED4000
heap
page read and write
F25000
heap
page read and write
567A000
trusted library allocation
page read and write
ED4000
heap
page read and write
46B1000
heap
page read and write
2F5E000
stack
page read and write
5470000
direct allocation
page execute and read and write
35CF000
stack
page read and write
ED4000
heap
page read and write
E24000
heap
page read and write
66E000
stack
page read and write
36AE000
stack
page read and write
391F000
stack
page read and write
BC0000
direct allocation
page read and write
1060000
direct allocation
page read and write
4C90000
direct allocation
page execute and read and write
4E60000
direct allocation
page read and write
E9E000
unkown
page execute and read and write
2FEF000
stack
page read and write
FB7000
unkown
page execute and write copy
11F3000
heap
page read and write
F35000
unkown
page execute and write copy
ED5000
heap
page read and write
2EAF000
stack
page read and write
1D278000
heap
page read and write
8C0000
direct allocation
page read and write
ED4000
heap
page read and write
34CE000
stack
page read and write
4C5B000
stack
page read and write
4D00000
direct allocation
page execute and read and write
32AE000
stack
page read and write
435E000
stack
page read and write
1D279000
heap
page read and write
41EE000
stack
page read and write
280000
unkown
page readonly
1D281000
heap
page read and write
56A9000
trusted library allocation
page read and write
29A0000
heap
page read and write
F13000
heap
page read and write
804000
heap
page read and write
4711000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
E73000
heap
page read and write
1D273000
heap
page read and write
1D281000
heap
page read and write
2A38C000
stack
page read and write
2BAF000
stack
page read and write
1D0AD000
stack
page read and write
8DC000
unkown
page execute and write copy
1109000
heap
page read and write
EC7000
unkown
page execute and read and write
565B000
trusted library allocation
page read and write
FBC000
unkown
page execute and read and write
3150000
heap
page read and write
2B5F000
stack
page read and write
EA2000
unkown
page execute and read and write
4B90000
direct allocation
page read and write
34DF000
stack
page read and write
39EF000
stack
page read and write
2ADE000
heap
page read and write
4671000
heap
page read and write
441E000
stack
page read and write
4701000
heap
page read and write
8F3000
unkown
page execute and write copy
D2B000
unkown
page execute and write copy
F2C000
unkown
page execute and write copy
ED4000
heap
page read and write
29AC000
heap
page read and write
115D000
heap
page read and write
4E60000
direct allocation
page read and write
1CF6F000
stack
page read and write
ED4000
heap
page read and write
44A1000
heap
page read and write
3BDE000
stack
page read and write
96F000
unkown
page execute and read and write
AA0000
unkown
page execute and write copy
AB6000
unkown
page execute and read and write
F09000
unkown
page execute and write copy
ED4000
heap
page read and write
1D2FD000
heap
page read and write
CC0000
unkown
page read and write
ED4000
heap
page read and write
267F000
stack
page read and write
671000
unkown
page execute and write copy
1184000
heap
page read and write
410F000
stack
page read and write
47A1000
heap
page read and write
456F000
stack
page read and write
4E81000
heap
page read and write
882E000
stack
page read and write
48E0000
trusted library allocation
page read and write
47A1000
heap
page read and write
83E000
unkown
page execute and write copy
4D20000
direct allocation
page execute and read and write
3A1E000
stack
page read and write
425E000
stack
page read and write
EA2000
unkown
page execute and read and write
2D9E000
stack
page read and write
491000
unkown
page execute and write copy
401F000
stack
page read and write
ED4000
heap
page read and write
E24000
heap
page read and write
ED4000
heap
page read and write
47A1000
heap
page read and write
EE3000
heap
page read and write
4671000
heap
page read and write
ED4000
heap
page read and write
F28000
unkown
page execute and write copy
568C000
trusted library allocation
page read and write
875000
unkown
page execute and write copy
B5E000
stack
page read and write
2CAF000
stack
page read and write
E2E000
stack
page read and write
EB5000
unkown
page execute and write copy
1D27D000
heap
page read and write
EC1000
heap
page read and write
618F000
stack
page read and write
460F000
stack
page read and write
FBE000
unkown
page execute and write copy
A64000
heap
page read and write
E24000
heap
page read and write
2AA0000
direct allocation
page read and write
95B000
unkown
page execute and read and write
4671000
heap
page read and write
DEE000
stack
page read and write
1D0ED000
stack
page read and write
1D273000
heap
page read and write
1D281000
heap
page read and write
56A6000
trusted library allocation
page read and write
8D1000
unkown
page execute and write copy
5490000
direct allocation
page execute and read and write
1D29A000
heap
page read and write
3C1E000
stack
page read and write
4671000
heap
page read and write
61ED3000
direct allocation
page read and write
2AA0000
direct allocation
page read and write
30DE000
stack
page read and write
4DC0000
direct allocation
page execute and read and write
46E0000
heap
page read and write
FB7000
unkown
page execute and write copy
EFD000
heap
page read and write
FA8000
unkown
page execute and write copy
E24000
heap
page read and write
565A000
trusted library allocation
page read and write
A64000
heap
page read and write
4671000
heap
page read and write
E24000
heap
page read and write
ED4000
heap
page read and write
ED4000
heap
page read and write
E24000
heap
page read and write
896000
unkown
page execute and write copy
5662000
trusted library allocation
page read and write
1D281000
heap
page read and write
800000
heap
page read and write
33EF000
stack
page read and write
459F000
stack
page read and write
B44000
unkown
page execute and read and write
4C40000
direct allocation
page execute and read and write
4D5F000
stack
page read and write
ED4000
heap
page read and write
310E000
stack
page read and write
2A4B000
stack
page read and write
A64000
heap
page read and write
3FCF000
stack
page read and write
FBE000
unkown
page execute and write copy
2C87000
heap
page read and write
EB6000
unkown
page execute and read and write
2FDF000
stack
page read and write
309E000
stack
page read and write
4671000
heap
page read and write
4671000
heap
page read and write
402F000
stack
page read and write
ED4000
heap
page read and write
5674000
trusted library allocation
page read and write
8C0000
direct allocation
page read and write
3E8F000
stack
page read and write
4701000
heap
page read and write
ED4000
heap
page read and write
321E000
stack
page read and write
2335B000
heap
page read and write
ED4000
heap
page read and write
4C40000
direct allocation
page execute and read and write
23360000
heap
page read and write
47A1000
heap
page read and write
F35000
unkown
page execute and write copy
A64000
heap
page read and write
72A000
unkown
page execute and read and write
ED4000
heap
page read and write
5677000
trusted library allocation
page read and write
415F000
stack
page read and write
56D6000
trusted library allocation
page read and write
1D26B000
heap
page read and write
ED4000
heap
page read and write
2FCE000
stack
page read and write
4671000
heap
page read and write
281000
unkown
page execute and write copy
449F000
stack
page read and write
339F000
stack
page read and write
A64000
heap
page read and write
359E000
stack
page read and write
3F1E000
stack
page read and write
4F3F000
stack
page read and write
568D000
trusted library allocation
page read and write
1150000
heap
page read and write
ED4000
heap
page read and write
CC1000
unkown
page execute and write copy
11F8000
heap
page read and write
1D1EC000
stack
page read and write
576E000
stack
page read and write
CFB000
stack
page read and write
2BDE000
stack
page read and write
804000
heap
page read and write
1D297000
heap
page read and write
E24000
heap
page read and write
2980000
heap
page read and write
2A50000
heap
page read and write
FBC000
unkown
page execute and read and write
E8C000
unkown
page execute and read and write
4CD0000
direct allocation
page execute and read and write
566D000
stack
page read and write
3ACF000
stack
page read and write
61ECD000
direct allocation
page readonly
395E000
stack
page read and write
4701000
heap
page read and write
44A0000
heap
page read and write
54BF000
stack
page read and write
1150000
heap
page read and write
3CAF000
stack
page read and write
375F000
stack
page read and write
3D0000
heap
page read and write
1D27C000
heap
page read and write
CC0000
unkown
page read and write
F0B000
heap
page read and write
8C83000
heap
page read and write
F45000
unkown
page execute and read and write
26DE000
stack
page read and write
302F000
stack
page read and write
4F2F000
trusted library allocation
page read and write
5659000
trusted library allocation
page read and write
2AA0000
direct allocation
page read and write
369F000
stack
page read and write
E24000
heap
page read and write
3D1F000
stack
page read and write
4AD0000
direct allocation
page execute and read and write
479F000
stack
page read and write
41DF000
stack
page read and write
438F000
stack
page read and write
4C40000
direct allocation
page execute and read and write
EA9000
unkown
page execute and write copy
4E81000
heap
page read and write
1164000
heap
page read and write
576C000
trusted library allocation
page read and write
391F000
stack
page read and write
3B2F000
stack
page read and write
990000
direct allocation
page read and write
455E000
stack
page read and write
ED5000
heap
page read and write
465F000
stack
page read and write
ED4000
heap
page read and write
40DE000
stack
page read and write
47A1000
heap
page read and write
EC0000
heap
page read and write
3E1E000
stack
page read and write
EC7000
unkown
page execute and read and write
EFD000
heap
page read and write
1163000
heap
page read and write
958000
unkown
page execute and write copy
34EF000
stack
page read and write
565F000
trusted library allocation
page read and write
FB7000
unkown
page execute and write copy
152E000
heap
page read and write
35DE000
stack
page read and write
361F000
stack
page read and write
4E60000
direct allocation
page read and write
115A000
heap
page read and write
450000
heap
page read and write
ED4000
heap
page read and write
F2A000
unkown
page execute and read and write
291F000
stack
page read and write
4671000
heap
page read and write
502F000
trusted library allocation
page read and write
ED4000
heap
page read and write
4701000
heap
page read and write
4D1F000
stack
page read and write
123A000
heap
page read and write
BE4000
heap
page read and write
ED4000
heap
page read and write
4701000
heap
page read and write
39DF000
stack
page read and write
3D8E000
stack
page read and write
ED4000
heap
page read and write
ED4000
heap
page read and write
AAD000
unkown
page execute and read and write
4D20000
direct allocation
page execute and read and write
D37000
unkown
page execute and write copy
320F000
stack
page read and write
2B1C000
stack
page read and write
54F0000
direct allocation
page execute and read and write
2EDE000
stack
page read and write
7D0000
heap
page read and write
B4D000
unkown
page execute and read and write
E24000
heap
page read and write
37AE000
stack
page read and write
EE6000
unkown
page execute and write copy
27DF000
stack
page read and write
5668000
trusted library allocation
page read and write
23520000
trusted library allocation
page read and write
315E000
stack
page read and write
804000
heap
page read and write
43DF000
stack
page read and write
5662000
trusted library allocation
page read and write
1D267000
heap
page read and write
7350000
heap
page read and write
6DB000
unkown
page execute and read and write
968000
unkown
page execute and read and write
ED4000
heap
page read and write
474F000
stack
page read and write
54D0000
direct allocation
page execute and read and write
3C6F000
stack
page read and write
2C9F000
stack
page read and write
4672000
heap
page read and write
3B5E000
stack
page read and write
5490000
direct allocation
page execute and read and write
4D40000
direct allocation
page execute and read and write
ED4000
heap
page read and write
F8A000
heap
page read and write
E24000
heap
page read and write
ED4000
heap
page read and write
859000
unkown
page execute and read and write
4B30000
direct allocation
page read and write
450E000
stack
page read and write
38EF000
stack
page read and write
445F000
stack
page read and write
F45000
unkown
page execute and read and write
3D1E000
stack
page read and write
1D26B000
heap
page read and write
10D5000
heap
page read and write
6CB5D000
unkown
page readonly
ED4000
heap
page read and write
5662000
trusted library allocation
page read and write
122B000
heap
page read and write
8B0000
heap
page read and write
4C90000
direct allocation
page execute and read and write
652000
unkown
page execute and read and write
8DF000
unkown
page execute and read and write
348F000
stack
page read and write
D35000
unkown
page execute and write copy
1D29C000
heap
page read and write
F1B000
unkown
page execute and read and write
2680000
direct allocation
page read and write
47A1000
heap
page read and write
23745000
heap
page read and write
5648000
trusted library allocation
page read and write
ED4000
heap
page read and write
569E000
trusted library allocation
page read and write
6D2000
unkown
page execute and write copy
23742000
heap
page read and write
5640000
trusted library allocation
page read and write
ED4000
heap
page read and write
3E5E000
stack
page read and write
495F000
stack
page read and write
5656000
trusted library allocation
page read and write
3F6E000
stack
page read and write
F39000
unkown
page execute and read and write
4D10000
direct allocation
page execute and read and write
E9E000
unkown
page execute and read and write
FCF000
unkown
page execute and write copy
44CF000
stack
page read and write
F8B000
unkown
page execute and read and write
A64000
heap
page read and write
3FDE000
stack
page read and write
3F2F000
stack
page read and write
8C74000
heap
page read and write
32DF000
stack
page read and write
3CDF000
stack
page read and write
872D000
stack
page read and write
2E1F000
stack
page read and write
D35000
unkown
page execute and write copy
1D267000
heap
page read and write
F40000
unkown
page execute and write copy
804000
heap
page read and write
34C000
unkown
page execute and read and write
2D5F000
stack
page read and write
445F000
stack
page read and write
5669000
trusted library allocation
page read and write
F17000
unkown
page execute and write copy
ECE000
heap
page read and write
1D281000
heap
page read and write
4671000
heap
page read and write
4A90000
direct allocation
page execute and read and write
1D29C000
heap
page read and write
47A1000
heap
page read and write
EAD000
stack
page read and write
ED4000
heap
page read and write
F9E000
heap
page read and write
4671000
heap
page read and write
4D90000
direct allocation
page execute and read and write
47A1000
heap
page read and write
345E000
stack
page read and write
2B9E000
stack
page read and write
6CD1F000
unkown
page readonly
2C2E000
stack
page read and write
E71000
heap
page read and write
ED4000
heap
page read and write
61EB7000
direct allocation
page readonly
1060000
direct allocation
page read and write
4671000
heap
page read and write
355F000
stack
page read and write
29A7000
heap
page read and write
1D274000
heap
page read and write
F29000
heap
page read and write
3CED000
stack
page read and write
97E000
unkown
page execute and write copy
ED5000
heap
page read and write
E24000
heap
page read and write
ED4000
heap
page read and write
4B7D000
stack
page read and write
804000
heap
page read and write
A40000
direct allocation
page read and write
AC7000
unkown
page execute and write copy
A64000
heap
page read and write
4C2F000
stack
page read and write
BE4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
990000
direct allocation
page read and write
ED4000
heap
page read and write
8C0000
direct allocation
page read and write
4C56000
direct allocation
page read and write
4E4E000
stack
page read and write
4701000
heap
page read and write
6CB72000
unkown
page readonly
F40000
unkown
page execute and write copy
5490000
direct allocation
page execute and read and write
ED4000
heap
page read and write
A64000
heap
page read and write
1184000
heap
page read and write
E24000
heap
page read and write
409F000
stack
page read and write
BB8000
unkown
page execute and write copy
31DF000
stack
page read and write
395F000
stack
page read and write
A40000
direct allocation
page read and write
4CB0000
direct allocation
page execute and read and write
E8C000
unkown
page execute and read and write
ED4000
heap
page read and write
574D000
trusted library allocation
page read and write
47A1000
heap
page read and write
F03000
unkown
page execute and write copy
47A1000
heap
page read and write
1D27B000
heap
page read and write
5520000
direct allocation
page execute and read and write
862000
unkown
page execute and read and write
4D10000
direct allocation
page execute and read and write
11F6000
heap
page read and write
E24000
heap
page read and write
432E000
stack
page read and write
D22000
unkown
page execute and write copy
568B000
trusted library allocation
page read and write
E24000
heap
page read and write
56A1000
trusted library allocation
page read and write
442F000
stack
page read and write
503A000
trusted library allocation
page read and write
4A90000
direct allocation
page execute and read and write
45AE000
stack
page read and write
4E80000
heap
page read and write
1D281000
heap
page read and write
1D277000
heap
page read and write
151E000
stack
page read and write
582C000
trusted library allocation
page read and write
1060000
direct allocation
page read and write
568D000
trusted library allocation
page read and write
2CDF000
stack
page read and write
926000
unkown
page execute and write copy
1D299000
heap
page read and write
4AB0000
trusted library allocation
page read and write
D36000
unkown
page execute and read and write
381F000
stack
page read and write
47B0000
heap
page read and write
A9E000
unkown
page execute and read and write
A64000
heap
page read and write
ED4000
heap
page read and write
A64000
heap
page read and write
564A000
trusted library allocation
page read and write
115D000
heap
page read and write
47A1000
heap
page read and write
2DDF000
stack
page read and write
4671000
heap
page read and write
1115000
heap
page read and write
F2F000
unkown
page execute and read and write
416F000
stack
page read and write
580000
heap
page read and write
ED4000
heap
page read and write
4671000
heap
page read and write
90A000
unkown
page execute and read and write
6CB81000
unkown
page execute read
395E000
stack
page read and write
F2C000
unkown
page execute and write copy
54E0000
direct allocation
page execute and read and write
565C000
trusted library allocation
page read and write
932000
unkown
page execute and write copy
451F000
stack
page read and write
D22000
unkown
page execute and read and write
449E000
stack
page read and write
E9E000
unkown
page execute and read and write
F46000
unkown
page execute and write copy
31AE000
stack
page read and write
5669000
trusted library allocation
page read and write
ED4000
heap
page read and write
405E000
stack
page read and write
2AA0000
direct allocation
page read and write
5644000
trusted library allocation
page read and write
1D281000
heap
page read and write
ADF000
unkown
page execute and read and write
61ED0000
direct allocation
page read and write
8C0000
direct allocation
page read and write
52C0000
trusted library allocation
page read and write
FB8000
unkown
page execute and read and write
3C0F000
stack
page read and write
4E70000
heap
page read and write
2E1E000
stack
page read and write
1D271000
heap
page read and write
8C0000
direct allocation
page read and write
45DE000
stack
page read and write
A64000
heap
page read and write
442E000
stack
page read and write
47A1000
heap
page read and write
3D9F000
stack
page read and write
BC0000
unkown
page execute and write copy
8C0000
direct allocation
page read and write
EA9000
unkown
page execute and read and write
EFD000
stack
page read and write
4D10000
direct allocation
page execute and read and write
6430000
heap
page read and write
990000
direct allocation
page read and write
4701000
heap
page read and write
2369F000
stack
page read and write
56D6000
trusted library allocation
page read and write
3F5F000
stack
page read and write
1D252000
heap
page read and write
47A1000
heap
page read and write
9F0000
heap
page read and write
ED4000
heap
page read and write
421F000
stack
page read and write
406E000
stack
page read and write
4B6E000
stack
page read and write
38AF000
stack
page read and write
AE7000
unkown
page execute and write copy
4671000
heap
page read and write
532F000
stack
page read and write
ED4000
heap
page read and write
3E5E000
stack
page read and write
6CC0000
heap
page read and write
2F1F000
stack
page read and write
84E000
unkown
page execute and read and write
5824000
trusted library allocation
page read and write
2A0F000
stack
page read and write
A64000
heap
page read and write
38EE000
stack
page read and write
A64000
heap
page read and write
E24000
heap
page read and write
3E5F000
stack
page read and write
56AB000
trusted library allocation
page read and write
5530000
heap
page read and write
A64000
heap
page read and write
331E000
stack
page read and write
4671000
heap
page read and write
A64000
heap
page read and write
47A1000
heap
page read and write
EA1000
unkown
page execute and write copy
ED4000
heap
page read and write
50BE000
stack
page read and write
BC0000
direct allocation
page read and write
51E0000
remote allocation
page read and write
7351000
heap
page read and write
2351E000
stack
page read and write
4890000
heap
page read and write
56B0000
trusted library allocation
page read and write
5693000
trusted library allocation
page read and write
1D277000
heap
page read and write
5490000
direct allocation
page execute and read and write
1D297000
heap
page read and write
568B000
trusted library allocation
page read and write
3C4E000
stack
page read and write
ED4000
heap
page read and write
2B2F000
stack
page read and write
735E000
heap
page read and write
61ED4000
direct allocation
page readonly
ED4000
heap
page read and write
4E81000
heap
page read and write
569B000
trusted library allocation
page read and write
4C70000
direct allocation
page execute and read and write
564A000
trusted library allocation
page read and write
F46000
unkown
page execute and write copy
4671000
heap
page read and write
8D8000
unkown
page execute and write copy
43EF000
stack
page read and write
F28000
unkown
page execute and write copy
CB0000
direct allocation
page read and write
5672000
trusted library allocation
page read and write
1D290000
heap
page read and write
F2F000
unkown
page execute and read and write
2CDE000
stack
page read and write
D37000
unkown
page execute and write copy
8C0000
direct allocation
page read and write
2690000
heap
page read and write
5680000
trusted library allocation
page read and write
4AF0000
direct allocation
page execute and read and write
4E60000
direct allocation
page read and write
23730000
heap
page read and write
5641000
trusted library allocation
page read and write
4E3E000
stack
page read and write
326F000
stack
page read and write
56C5000
trusted library allocation
page read and write
F08000
unkown
page execute and read and write
280000
unkown
page read and write
130F000
stack
page read and write
356E000
stack
page read and write
ED4000
heap
page read and write
581C000
trusted library allocation
page read and write
ED4000
heap
page read and write
840000
heap
page read and write
E24000
heap
page read and write
8C0E000
heap
page read and write
E24000
heap
page read and write
B3A000
unkown
page execute and read and write
FB7000
unkown
page execute and write copy
464E000
stack
page read and write
338E000
stack
page read and write
385E000
stack
page read and write
1D281000
heap
page read and write
8C19000
heap
page read and write
58B000
stack
page read and write
B21000
unkown
page execute and write copy
3F9F000
stack
page read and write
4701000
heap
page read and write
4701000
heap
page read and write
536E000
stack
page read and write
1CB9F000
stack
page read and write
A64000
heap
page read and write
ED4000
heap
page read and write
2AA0000
direct allocation
page read and write
4701000
heap
page read and write
1060000
direct allocation
page read and write
8C0000
direct allocation
page read and write
5EB000
stack
page read and write
4671000
heap
page read and write
112F000
heap
page read and write
1D29C000
heap
page read and write
B12000
unkown
page execute and read and write
E24000
heap
page read and write
F2C000
unkown
page execute and write copy
47A6000
heap
page read and write
A60000
heap
page read and write
E24000
heap
page read and write
A64000
heap
page read and write
4E60000
direct allocation
page read and write
44A1000
heap
page read and write
FBE000
unkown
page execute and write copy
97D000
unkown
page execute and read and write
F1B000
unkown
page execute and read and write
ED4000
heap
page read and write
990000
direct allocation
page read and write
8F0000
unkown
page execute and write copy
46B1000
heap
page read and write
ED5000
heap
page read and write
4D5E000
stack
page read and write
2E5E000
stack
page read and write
EB2000
heap
page read and write
990000
direct allocation
page read and write
4701000
heap
page read and write
4A80000
direct allocation
page execute and read and write
319F000
stack
page read and write
ED4000
heap
page read and write
2BAF000
stack
page read and write
4A60000
direct allocation
page execute and read and write
CC1000
unkown
page execute and write copy
101A000
heap
page read and write
1D280000
heap
page read and write
EC5000
unkown
page execute and write copy
567A000
trusted library allocation
page read and write
FCE000
unkown
page execute and read and write
A64000
heap
page read and write
F5F000
unkown
page execute and read and write
47A1000
heap
page read and write
4A90000
direct allocation
page execute and read and write
61EB4000
direct allocation
page read and write
4DA7000
trusted library allocation
page read and write
4671000
heap
page read and write
ED4000
heap
page read and write
F8B000
unkown
page execute and read and write
4701000
heap
page read and write
1152000
heap
page read and write
47A1000
heap
page read and write
CAE000
stack
page read and write
325F000
stack
page read and write
4671000
heap
page read and write
4671000
heap
page read and write
1D25E000
heap
page read and write
36C000
stack
page read and write
3C5F000
stack
page read and write
2C6F000
stack
page read and write
B2B000
unkown
page execute and write copy
3DEF000
stack
page read and write
1150000
heap
page read and write
D22000
unkown
page execute and write copy
33EE000
stack
page read and write
568A000
trusted library allocation
page read and write
ED4000
heap
page read and write
4C1E000
stack
page read and write
4AEC000
stack
page read and write
ED4000
heap
page read and write
1D279000
heap
page read and write
2BEE000
stack
page read and write
E24000
heap
page read and write
4C80000
direct allocation
page execute and read and write
8C7000
unkown
page execute and write copy
ED4000
heap
page read and write
ED4000
heap
page read and write
6CAE0000
unkown
page readonly
A64000
heap
page read and write
ED4000
heap
page read and write
33AF000
stack
page read and write
5654000
trusted library allocation
page read and write
37DF000
stack
page read and write
568A000
trusted library allocation
page read and write
5650000
trusted library allocation
page read and write
ED4000
heap
page read and write
2A5F000
stack
page read and write
ED4000
heap
page read and write
4671000
heap
page read and write
3ECE000
stack
page read and write
5697000
trusted library allocation
page read and write
51E0000
remote allocation
page read and write
4D40000
direct allocation
page execute and read and write
F1E000
heap
page read and write
46DF000
stack
page read and write
EA9000
unkown
page execute and write copy
14DE000
stack
page read and write
A64000
heap
page read and write
1D28C000
heap
page read and write
568D000
trusted library allocation
page read and write
4671000
heap
page read and write
F40000
unkown
page execute and write copy
478E000
stack
page read and write
47A1000
heap
page read and write
ED4000
heap
page read and write
1060000
direct allocation
page read and write
8D0000
unkown
page read and write
101E000
stack
page read and write
5677000
trusted library allocation
page read and write
990000
direct allocation
page read and write
4AE0000
direct allocation
page execute and read and write
411E000
stack
page read and write
23341000
heap
page read and write
CA0000
heap
page read and write
E30000
heap
page read and write
896C000
stack
page read and write
112F000
stack
page read and write
BE4000
heap
page read and write
1D279000
heap
page read and write
56AB000
trusted library allocation
page read and write
310E000
stack
page read and write
4671000
heap
page read and write
4800000
trusted library allocation
page read and write
429F000
stack
page read and write
406F000
stack
page read and write
1060000
direct allocation
page read and write
E24000
heap
page read and write
EA9000
unkown
page execute and read and write
1060000
direct allocation
page read and write
E24000
heap
page read and write
E24000
heap
page read and write
3CAE000
stack
page read and write
47A1000
heap
page read and write
4671000
heap
page read and write
BBA000
unkown
page execute and write copy
4671000
heap
page read and write
FA8000
unkown
page execute and write copy
B1B000
unkown
page execute and write copy
56C4000
trusted library allocation
page read and write
ED4000
heap
page read and write
56A6000
trusted library allocation
page read and write
97F000
unkown
page execute and write copy
EB5000
unkown
page execute and write copy
AA1000
unkown
page execute and read and write
232E0000
trusted library allocation
page read and write
37EE000
stack
page read and write
F42000
unkown
page execute and read and write
F44000
heap
page read and write
4671000
heap
page read and write
5F45000
heap
page read and write
9A0000
heap
page read and write
1D273000
heap
page read and write
E93000
heap
page read and write
499E000
stack
page read and write
1D29C000
heap
page read and write
96E000
unkown
page execute and write copy
409F000
stack
page read and write
55AD000
stack
page read and write
56FE000
trusted library allocation
page read and write
10EF000
heap
page read and write
F2F000
unkown
page execute and read and write
A64000
heap
page read and write
5653000
trusted library allocation
page read and write
11BE000
stack
page read and write
3DDD000
stack
page read and write
4701000
heap
page read and write
5677000
trusted library allocation
page read and write
47A0000
heap
page read and write
4671000
heap
page read and write
D37000
unkown
page execute and write copy
FDE000
stack
page read and write
567D000
trusted library allocation
page read and write
ED4000
heap
page read and write
8AFC000
stack
page read and write
1D281000
heap
page read and write
1070000
heap
page read and write
399E000
stack
page read and write
1D27D000
heap
page read and write
40DE000
stack
page read and write
F9C000
heap
page read and write
341F000
stack
page read and write
A40000
direct allocation
page read and write
ED4000
heap
page read and write
4671000
heap
page read and write
2AA0000
direct allocation
page read and write
459F000
stack
page read and write
47A1000
heap
page read and write
ED4000
heap
page read and write
376F000
stack
page read and write
3B1F000
stack
page read and write
F96000
heap
page read and write
47A1000
heap
page read and write
107E000
heap
page read and write
F43000
unkown
page execute and write copy
F09000
unkown
page execute and write copy
E24000
heap
page read and write
967000
unkown
page execute and write copy
9AB000
heap
page read and write
5EE000
stack
page read and write
BE4000
heap
page read and write
379E000
stack
page read and write
1D250000
heap
page read and write
1CFAD000
stack
page read and write
452F000
stack
page read and write
AAC000
unkown
page execute and write copy
1CA9E000
stack
page read and write
305F000
stack
page read and write
565D000
trusted library allocation
page read and write
4671000
heap
page read and write
4671000
heap
page read and write
EF1000
unkown
page execute and read and write
3B9F000
stack
page read and write
5653000
trusted library allocation
page read and write
47A1000
heap
page read and write
93B000
unkown
page execute and read and write
ED4000
heap
page read and write
568D000
trusted library allocation
page read and write
47A1000
heap
page read and write
11B0000
heap
page read and write
E24000
heap
page read and write
F43000
unkown
page execute and write copy
47A1000
heap
page read and write
ED4000
heap
page read and write
1470000
heap
page read and write
112F000
heap
page read and write
ED4000
heap
page read and write
4701000
heap
page read and write
5696000
trusted library allocation
page read and write
8D0000
unkown
page readonly
1D275000
heap
page read and write
A64000
heap
page read and write
F2A000
unkown
page execute and read and write
306E000
stack
page read and write
EA2000
unkown
page execute and read and write
324E000
stack
page read and write
47A1000
heap
page read and write
ED4000
heap
page read and write
5490000
direct allocation
page execute and read and write
4671000
heap
page read and write
2E8F000
stack
page read and write
FB9000
unkown
page execute and write copy
4671000
heap
page read and write
4C80000
direct allocation
page execute and read and write
299E000
stack
page read and write
F4C000
unkown
page execute and read and write
4671000
heap
page read and write
1D297000
heap
page read and write
4671000
heap
page read and write
F29000
heap
page read and write
E96000
heap
page read and write
1497000
heap
page read and write
1D281000
heap
page read and write
ED4000
heap
page read and write
6CB80000
unkown
page readonly
1D26A000
heap
page read and write
4CD0000
direct allocation
page execute and read and write
9F0000
heap
page read and write
ED4000
heap
page read and write
4E60000
direct allocation
page read and write
47A1000
heap
page read and write
D29000
unkown
page write copy
ED4000
heap
page read and write
FB7000
unkown
page execute and write copy
42EE000
stack
page read and write
E24000
heap
page read and write
F45000
unkown
page execute and read and write
42EF000
stack
page read and write
A64000
heap
page read and write
923000
unkown
page execute and write copy
EF1000
unkown
page execute and read and write
3A9E000
stack
page read and write
1D274000
heap
page read and write
349E000
stack
page read and write
446E000
stack
page read and write
37AF000
stack
page read and write
E3E000
heap
page read and write
2AA0000
direct allocation
page read and write
2D1E000
stack
page read and write
30CC000
stack
page read and write
ED4000
heap
page read and write
352F000
stack
page read and write
4671000
heap
page read and write
42AF000
stack
page read and write
47A1000
heap
page read and write
6CD60000
unkown
page read and write
5684000
trusted library allocation
page read and write
47A1000
heap
page read and write
F4C000
unkown
page execute and read and write
4BCC000
stack
page read and write
10DC000
heap
page read and write
2AC0000
direct allocation
page read and write
421E000
stack
page read and write
ECA000
heap
page read and write
A64000
heap
page read and write
2DEE000
stack
page read and write
508F000
stack
page read and write
8C0000
direct allocation
page read and write
865000
unkown
page execute and write copy
1184000
heap
page read and write
6E6000
unkown
page execute and read and write
4CB0000
direct allocation
page execute and read and write
76D000
unkown
page execute and write copy
ED4000
heap
page read and write
2F2E000
stack
page read and write
566E000
trusted library allocation
page read and write
B6E000
stack
page read and write
5645000
trusted library allocation
page read and write
53BE000
stack
page read and write
522E000
stack
page read and write
A64000
heap
page read and write
608E000
stack
page read and write
A84000
unkown
page execute and write copy
912000
unkown
page execute and write copy
1D279000
heap
page read and write
F42000
unkown
page execute and read and write
41DF000
stack
page read and write
566B000
trusted library allocation
page read and write
BE4000
heap
page read and write
ED4000
heap
page read and write
FAA000
unkown
page execute and write copy
804000
heap
page read and write
FB8000
unkown
page execute and read and write
ED4000
heap
page read and write
1D275000
heap
page read and write
4C40000
direct allocation
page execute and read and write
365E000
stack
page read and write
A64000
heap
page read and write
43CE000
stack
page read and write
4701000
heap
page read and write
FBE000
unkown
page execute and write copy
41AF000
stack
page read and write
100E000
stack
page read and write
488F000
stack
page read and write
8FD000
stack
page read and write
4DEB000
stack
page read and write
2A390000
heap
page read and write
6CD5F000
unkown
page write copy
D29000
unkown
page write copy
2A391000
heap
page read and write
567E000
trusted library allocation
page read and write
101E000
heap
page read and write
804000
heap
page read and write
1CD1E000
stack
page read and write
32AF000
stack
page read and write
1D281000
heap
page read and write
23346000
heap
page read and write
1D274000
heap
page read and write
E24000
heap
page read and write
E24000
heap
page read and write
1D28D000
heap
page read and write
5648000
trusted library allocation
page read and write
5F0000
heap
page read and write
232E0000
heap
page read and write
485E000
stack
page read and write
117A000
heap
page read and write
56AD000
trusted library allocation
page read and write
877000
unkown
page execute and read and write
ED4000
heap
page read and write
A64000
heap
page read and write
1D271000
heap
page read and write
ED4000
heap
page read and write
46B0000
heap
page read and write
4C40000
direct allocation
page execute and read and write
990000
direct allocation
page read and write
47C0000
heap
page read and write
804000
heap
page read and write
4A5F000
stack
page read and write
1D25E000
heap
page read and write
ED4000
heap
page read and write
ED4000
heap
page read and write
54B0000
direct allocation
page execute and read and write
895000
heap
page read and write
152A000
heap
page read and write
36DF000
stack
page read and write
3A6E000
stack
page read and write
F28000
heap
page read and write
46AF000
stack
page read and write
3E1F000
stack
page read and write
56D6000
trusted library allocation
page read and write
B13000
unkown
page execute and write copy
1D370000
trusted library allocation
page read and write
47A1000
heap
page read and write
4671000
heap
page read and write
4E60000
direct allocation
page read and write
4C30000
direct allocation
page execute and read and write
335F000
stack
page read and write
8C0000
direct allocation
page read and write
2990000
direct allocation
page execute and read and write
4701000
heap
page read and write
3B6F000
stack
page read and write
1D297000
heap
page read and write
5669000
trusted library allocation
page read and write
5659000
trusted library allocation
page read and write
BD0000
unkown
page execute and read and write
B35000
unkown
page execute and write copy
4CE0000
direct allocation
page execute and read and write
309F000
stack
page read and write
3F5F000
stack
page read and write
B9E000
stack
page read and write
1060000
direct allocation
page read and write
334F000
stack
page read and write
56C5000
trusted library allocation
page read and write
ED4000
heap
page read and write
50CE000
stack
page read and write
61ECC000
direct allocation
page read and write
ED4000
heap
page read and write
4AB0000
direct allocation
page execute and read and write
ED4000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
312F000
stack
page read and write
5694000
trusted library allocation
page read and write
1101000
heap
page read and write
1D273000
heap
page read and write
4A90000
direct allocation
page execute and read and write
FCE000
unkown
page execute and read and write
D36000
unkown
page execute and read and write
47A1000
heap
page read and write
563E000
stack
page read and write
96E000
unkown
page execute and write copy
1D273000
heap
page read and write
94F000
stack
page read and write
BC0000
direct allocation
page read and write
ED4000
heap
page read and write
D22000
unkown
page execute and write copy
F4C000
unkown
page execute and read and write
ED5000
heap
page read and write
392E000
stack
page read and write
BE4000
heap
page read and write
CB0000
direct allocation
page read and write
3E2E000
stack
page read and write
2AA0000
direct allocation
page read and write
804000
heap
page read and write
56CD000
trusted library allocation
page read and write
6CAE1000
unkown
page execute read
3DEE000
stack
page read and write
5688000
trusted library allocation
page read and write
8C76000
heap
page read and write
360E000
stack
page read and write
1037000
heap
page read and write
4671000
heap
page read and write
51BF000
stack
page read and write
5510000
direct allocation
page execute and read and write
3A9F000
stack
page read and write
A40000
direct allocation
page read and write
E24000
heap
page read and write
57F4000
trusted library allocation
page read and write
F5E000
unkown
page execute and write copy
4671000
heap
page read and write
A40000
direct allocation
page read and write
E24000
heap
page read and write
2F9E000
stack
page read and write
47A1000
heap
page read and write
5670000
trusted library allocation
page read and write
4B2B000
stack
page read and write
1232000
heap
page read and write
370F000
stack
page read and write
4671000
heap
page read and write
1101000
heap
page read and write
4B20000
direct allocation
page execute and read and write
33DE000
stack
page read and write
4CA0000
direct allocation
page execute and read and write
3A5F000
stack
page read and write
1520000
heap
page read and write
102E000
stack
page read and write
8F2000
unkown
page execute and read and write
304000
unkown
page execute and read and write
4CF0000
direct allocation
page execute and read and write
565C000
trusted library allocation
page read and write
56A6000
trusted library allocation
page read and write
7360000
heap
page read and write
E3A000
heap
page read and write
FCE000
unkown
page execute and read and write
E24000
heap
page read and write
4D90000
direct allocation
page execute and read and write
990000
direct allocation
page read and write
56BD000
trusted library allocation
page read and write
495E000
stack
page read and write
431F000
stack
page read and write
4D96000
trusted library allocation
page read and write
ED4000
heap
page read and write
886B000
stack
page read and write
5648000
trusted library allocation
page read and write
E7D000
heap
page read and write
4E60000
direct allocation
page read and write
4701000
heap
page read and write
ED4000
heap
page read and write
47A1000
heap
page read and write
40AE000
stack
page read and write
3D4F000
stack
page read and write
A64000
heap
page read and write
8FC000
unkown
page execute and read and write
A40000
direct allocation
page read and write
3ADE000
stack
page read and write
567D000
trusted library allocation
page read and write
56A5000
trusted library allocation
page read and write
ED4000
heap
page read and write
4671000
heap
page read and write
1D27C000
heap
page read and write
BE4000
heap
page read and write
4680000
heap
page read and write
1D25B000
heap
page read and write
2AA0000
direct allocation
page read and write
1D37E000
heap
page read and write
B8F000
unkown
page execute and read and write
FCE000
unkown
page execute and write copy
564A000
trusted library allocation
page read and write
47A1000
heap
page read and write
5043000
trusted library allocation
page read and write
5051000
trusted library allocation
page read and write
47A1000
heap
page read and write
435E000
stack
page read and write
2A9F000
stack
page read and write
ED4000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
1D277000
heap
page read and write
ED4000
heap
page read and write
61CE000
stack
page read and write
F1B000
heap
page read and write
967000
unkown
page execute and write copy
1D26B000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
2EEE000
stack
page read and write
335E000
stack
page read and write
D2B000
unkown
page execute and write copy
1CE6E000
stack
page read and write
428E000
stack
page read and write
345F000
stack
page read and write
E24000
heap
page read and write
D29000
unkown
page write copy
47A1000
heap
page read and write
1D281000
heap
page read and write
110D000
heap
page read and write
42DE000
stack
page read and write
2C1F000
stack
page read and write
83C000
unkown
page execute and read and write
F17000
unkown
page execute and write copy
567A000
trusted library allocation
page read and write
1158000
heap
page read and write
110A000
heap
page read and write
4F4C000
stack
page read and write
FB7000
unkown
page execute and write copy
84E000
stack
page read and write
566B000
trusted library allocation
page read and write
E20000
heap
page read and write
3D1E000
stack
page read and write
297E000
stack
page read and write
5B5C000
stack
page read and write
ED4000
heap
page read and write
There are 1902 hidden memdumps, click here to show them.