IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\oi[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1005824001\591832b8e5.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1005893001\oi.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\exploma.exe.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\DocumentsGDBFCGIIIJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\CGIJJKEH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\GCGDGHCBGDHJJKECAECB
ASCII text, with very long lines (1769), with CRLF line terminators
dropped
C:\ProgramData\HIDHDAAEHIEHIECBKJDGDBFBGI
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\HIIIJDAAAAAAKECBFBAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\IECFHDBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JJDHIDBFBFHIJKFHCGIEGIDAEH
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KKFBFCAFCBKFIEBFHIDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\180553cf-d479-4511-bd26-679c1d8c5a6e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4e0d25fe-044a-4c7e-8fc2-62700197ca20.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\74e5ba03-07e8-4d1f-af01-d6a67f75093a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9268f10c-ed92-461c-b3e8-50a55ff6da1f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9acf647f-fab5-472c-9548-b9777a1b0e94.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\14546d6d-7dad-458a-8287-6d6a6c4bb425.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6734AC81-82C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6734AC82-1524.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\173348b1-779d-4c55-93ad-034a2b258e95.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\760b0311-239e-4801-9386-8620460b9493.tmp
Unicode text, UTF-8 text, with very long lines (17206), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85e95f4d-418d-46a6-9404-f72fdfbda1ae.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8ee92f79-87de-4190-8677-38b6786b00fd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\991feefe-fb5d-4715-aaa9-77c7f2e8f31f.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9bbea375-7c64-40d8-a6ad-4f9e30a0178c.tmp
Unicode text, UTF-8 text, with very long lines (17206), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\240ecc51-3591-49ed-b6b2-a14a2f366486.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\70a2fe94-f3da-4acc-8c1f-b2773d01a14f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\8db9bd33-bf63-48fa-a833-052927bad9eb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ef797d9-872f-4795-870b-8d86ed9ce307.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF358a0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF25068.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF26373.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2696e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a6df9f03-e91f-4f42-a112-601b3d77c93f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ad03f86d-ad22-4ca0-be69-97b136bd7cbd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ebbc4471-ba79-4742-82a3-85a0db212243.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF28bbb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2d7d8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34d08.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2907e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2b6c3.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375978884915530
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\264046ad-3435-4fd5-8ed2-c4b252618af9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5b65c03a-2db6-49a7-8589-529699274c24.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF26382.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2697e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b771959f-7033-4720-8fb9-6cb6db15fb10.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d43419d7-feb8-421f-a898-c4703113b9f1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ec94e9b9-2d3c-4933-b0ca-624664883fd2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bd4add16-2acd-4cc2-b997-e7d46cd48baf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f45c73ac-c1ee-4a42-ba11-fef90db6df64.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fd689ace-c3a9-46b6-8356-0eb2fcd63586.tmp
Unicode text, UTF-8 text, with very long lines (17041), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23a50.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23a5f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF23c15.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF262b7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28fa3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF34ce8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37408.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a9fd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a82f6623-1b3e-42ff-a1c6-032a5f12dab2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b59751e9-0b09-4cba-a030-d00f3cebba13.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\da684e78-0bfc-4c3b-a21b-b0591fd9434e.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dfaf087e-1561-4a3d-bbfb-fd4d443215d8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\line[1].txt
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\6621357ed8034a07b39d149a6f3e52d8[1].json
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\6621357ed8034a07b39d149a6f3e52d8[1].json
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\line[1].txt
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0af3f732-82d6-4706-9f31-12c2d2e998ed.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\23646c95-e913-4a82-b7a2-66187bb466ca.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4d98ae41-173c-4a8c-ba52-a98284827f0f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\5a89d4c0-279b-4590-b3c0-20ef91dc60cc.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\801538ab-8e7b-461f-8449-c8674e5841ba.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\803591ed-014c-4b4a-947c-cfeeafdf2e26.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\Ace
data
dropped
C:\Users\user\AppData\Local\Temp\Advertiser
data
dropped
C:\Users\user\AppData\Local\Temp\Bryan
data
dropped
C:\Users\user\AppData\Local\Temp\Concerts
data
dropped
C:\Users\user\AppData\Local\Temp\Maintained
data
modified
C:\Users\user\AppData\Local\Temp\Simplified
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Temp\Stored
data
dropped
C:\Users\user\AppData\Local\Temp\Tech
data
dropped
C:\Users\user\AppData\Local\Temp\Tiny
data
dropped
C:\Users\user\AppData\Local\Temp\Uh
ASCII text, with very long lines (639), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Uh.cmd
ASCII text, with very long lines (639), with CRLF line terminators
modified
C:\Users\user\AppData\Local\Temp\aa0ad788-9884-4b91-a99b-d02e79e4d371.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\801538ab-8e7b-461f-8449-c8674e5841ba.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_2001610878\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_214942146\4d98ae41-173c-4a8c-ba52-a98284827f0f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_214942146\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_214942146\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_214942146\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5412_214942146\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 468
ASCII text, with very long lines (787)
downloaded
Chrome Cache Entry: 469
ASCII text
downloaded
Chrome Cache Entry: 470
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 471
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 472
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 473
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 474
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2220,i,8398956944613471196,4517818318250730757,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2240,i,9997244050873834229,8109525789655161871,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2020,i,9389031914118789707,10044134577850243692,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6656 --field-trial-handle=2020,i,9389031914118789707,10044134577850243692,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6804 --field-trial-handle=2020,i,9389031914118789707,10044134577850243692,262144 /prefetch:8
malicious
C:\Users\user\DocumentsGDBFCGIIIJ.exe
"C:\Users\user\DocumentsGDBFCGIIIJ.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7112 --field-trial-handle=2020,i,9389031914118789707,10044134577850243692,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1005824001\591832b8e5.exe
"C:\Users\user~1\AppData\Local\Temp\1005824001\591832b8e5.exe"
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd /C "ping localhost -n 1 && start C:\Users\user\AppData\Local\exploma.exe.exe"
malicious
C:\Windows\System32\cmd.exe
cmd /C "ping localhost -n 1 && start C:\Users\user\AppData\Local\exploma.exe.exe"
malicious
C:\Windows\System32\PING.EXE
ping localhost -n 1
malicious
C:\Users\user\AppData\Local\exploma.exe.exe
C:\Users\user\AppData\Local\exploma.exe.exe
malicious
C:\Users\user\AppData\Local\Temp\1005893001\oi.exe
"C:\Users\user~1\AppData\Local\Temp\1005893001\oi.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGDBFCGIIIJ.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c copy Uh Uh.cmd & Uh.cmd
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\tasklist.exe
tasklist

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
591832b8e5.exe
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
exploma.exe
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197700
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197700
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197700
WindowTabManagerFileMappingId
There are 135 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
422E000
stack
page read and write
B44000
heap
page read and write
859B000
stack
page read and write
56E0000
direct allocation
page execute and read and write
7FF72B250000
unkown
page readonly
43C1000
heap
page read and write
B44000
heap
page read and write
2ABF000
stack
page read and write
68E000
unkown
page execute and read and write
401000
unkown
page execute read
33F0000
direct allocation
page read and write
3190000
trusted library section
page read and write
1416000
unkown
page execute and write copy
34BF000
stack
page read and write
307F000
stack
page read and write
B44000
heap
page read and write
33F0000
direct allocation
page read and write
5DC5000
heap
page read and write
49C0000
direct allocation
page execute and read and write
1282000
unkown
page execute and write copy
B44000
heap
page read and write
5A9C000
stack
page read and write
49D0000
direct allocation
page execute and read and write
630000
unkown
page execute and write copy
4561000
heap
page read and write
2578A7A0000
heap
page read and write
690000
unkown
page execute and write copy
B45000
heap
page read and write
C44000
heap
page read and write
4FAF000
stack
page read and write
B30000
direct allocation
page read and write
15B4000
heap
page read and write
B44000
heap
page read and write
23D70000
trusted library allocation
page read and write
1DD14000
heap
page read and write
15B4000
heap
page read and write
CF2000
heap
page read and write
D724CFF000
stack
page read and write
E0A000
heap
page read and write
46EF000
stack
page read and write
1DCF1000
heap
page read and write
69F000
unkown
page execute and write copy
B44000
heap
page read and write
36AF000
stack
page read and write
15B4000
heap
page read and write
4BA0000
direct allocation
page execute and read and write
23DEA000
heap
page read and write
B44000
heap
page read and write
49F0000
direct allocation
page execute and read and write
315F000
stack
page read and write
50F1000
heap
page read and write
23DF7000
heap
page read and write
5680000
remote allocation
page read and write
1DD13000
heap
page read and write
50F1000
heap
page read and write
B30000
direct allocation
page read and write
74A000
stack
page read and write
1DD09000
heap
page read and write
6EF9000
heap
page read and write
CDE000
heap
page read and write
BD0000
heap
page read and write
61B000
heap
page read and write
69F000
unkown
page execute and write copy
CF4000
heap
page read and write
3DCE000
stack
page read and write
5C1000
unkown
page execute and read and write
6170000
heap
page read and write
3FAE000
stack
page read and write
533000
unkown
page execute and write copy
B44000
heap
page read and write
684000
unkown
page execute and write copy
1DD09000
heap
page read and write
B45000
heap
page read and write
276E000
stack
page read and write
625000
heap
page read and write
1DD22000
heap
page read and write
392F000
stack
page read and write
C44000
heap
page read and write
2290000
heap
page read and write
4990000
trusted library allocation
page read and write
38BE000
stack
page read and write
B44000
heap
page read and write
1DD0E000
heap
page read and write
396E000
stack
page read and write
50F1000
heap
page read and write
50F1000
heap
page read and write
28BF000
stack
page read and write
1DCFB000
heap
page read and write
B44000
heap
page read and write
604E000
stack
page read and write
B10000
direct allocation
page read and write
413F000
stack
page read and write
5E8000
unkown
page execute and write copy
25788F06000
heap
page read and write
CF5000
heap
page read and write
3A7000
unkown
page execute and write copy
1DD22000
heap
page read and write
3A6000
unkown
page execute and read and write
612000
heap
page read and write
612000
heap
page read and write
684000
unkown
page execute and write copy
144A000
heap
page read and write
69E000
unkown
page execute and read and write
B44000
heap
page read and write
7C64CF9000
stack
page read and write
C10000
direct allocation
page read and write
1DBDE000
stack
page read and write
C44000
heap
page read and write
62A000
unkown
page execute and read and write
43D0000
heap
page read and write
45AF000
stack
page read and write
4561000
heap
page read and write
50EF000
stack
page read and write
3F2000
unkown
page execute and write copy
5EF000
heap
page read and write
4A60000
direct allocation
page execute and read and write
608000
heap
page read and write
33F0000
direct allocation
page read and write
472E000
stack
page read and write
61C000
heap
page read and write
7FF72B5B9000
unkown
page readonly
C44000
heap
page read and write
522F000
stack
page read and write
1B0E000
stack
page read and write
CF4000
heap
page read and write
1E875910000
heap
page read and write
126B000
unkown
page execute and read and write
CC6000
heap
page read and write
50F1000
heap
page read and write
AFD000
stack
page read and write
350F000
stack
page read and write
50F1000
heap
page read and write
50F1000
heap
page read and write
B10000
direct allocation
page read and write
28EE000
stack
page read and write
587000
unkown
page execute and read and write
50F1000
heap
page read and write
403E000
stack
page read and write
441F000
stack
page read and write
613000
unkown
page execute and write copy
C44000
heap
page read and write
2ADA1000
heap
page read and write
38DF000
stack
page read and write
CC6000
heap
page read and write
B30000
direct allocation
page read and write
1DCDE000
stack
page read and write
B44000
heap
page read and write
3BEE000
stack
page read and write
36EE000
stack
page read and write
C80000
heap
page read and write
B44000
heap
page read and write
612000
heap
page read and write
56C0000
direct allocation
page execute and read and write
55A6000
direct allocation
page read and write
40EE000
stack
page read and write
50F1000
heap
page read and write
15B4000
heap
page read and write
455F000
stack
page read and write
B44000
heap
page read and write
7FF72B5B9000
unkown
page readonly
B44000
heap
page read and write
4561000
heap
page read and write
510000
unkown
page execute and read and write
B44000
heap
page read and write
15B4000
heap
page read and write
7AE000
stack
page read and write
4850000
direct allocation
page read and write
61E1000
heap
page read and write
5BA0000
heap
page read and write
2AB000
stack
page read and write
50F1000
heap
page read and write
4B40000
direct allocation
page execute and read and write
445E000
stack
page read and write
CC6000
heap
page read and write
373F000
stack
page read and write
15B4000
heap
page read and write
B44000
heap
page read and write
330000
unkown
page read and write
407000
unkown
page execute and write copy
1DCFB000
heap
page read and write
4EAE000
stack
page read and write
BCE000
stack
page read and write
5D9000
unkown
page execute and read and write
63E000
unkown
page execute and read and write
49E0000
direct allocation
page execute and read and write
4561000
heap
page read and write
2ADC8000
heap
page read and write
B44000
heap
page read and write
50F1000
heap
page read and write
3F2000
unkown
page execute and read and write
50F1000
heap
page read and write
15B4000
heap
page read and write
C0E000
stack
page read and write
5FD000
heap
page read and write
6D12E000
unkown
page read and write
593000
unkown
page execute and write copy
1539000
heap
page read and write
B44000
heap
page read and write
D0C000
heap
page read and write
1E875A51000
heap
page read and write
677000
unkown
page execute and write copy
3CEF000
stack
page read and write
1D8BF000
stack
page read and write
1DCF3000
heap
page read and write
C10000
direct allocation
page read and write
630000
unkown
page execute and write copy
C74000
heap
page read and write
7FF72B251000
unkown
page execute read
36AC000
stack
page read and write
24088000
heap
page read and write
B30000
direct allocation
page read and write
461000
unkown
page read and write
3C7E000
stack
page read and write
DD9000
heap
page read and write
68C000
unkown
page execute and write copy
B44000
heap
page read and write
377E000
stack
page read and write
5EF000
heap
page read and write
35FF000
stack
page read and write
3EBF000
stack
page read and write
4561000
heap
page read and write
1DD0E000
heap
page read and write
7180000
heap
page read and write
23DF3000
heap
page read and write
1DD07000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
1DA3E000
stack
page read and write
CE6000
heap
page read and write
CAE000
stack
page read and write
2B4F000
stack
page read and write
2408B000
heap
page read and write
B44000
heap
page read and write
4551000
heap
page read and write
B44000
heap
page read and write
7C654F8000
stack
page read and write
57B000
unkown
page execute and write copy
2838000
heap
page read and write
50F1000
heap
page read and write
24091000
heap
page read and write
4561000
heap
page read and write
D0C000
stack
page read and write
2C5F000
stack
page read and write
5DC6000
heap
page read and write
69E000
unkown
page execute and write copy
C2E000
heap
page read and write
4F4000
unkown
page readonly
4BD0000
direct allocation
page execute and read and write
5ED000
unkown
page execute and read and write
3B5F000
stack
page read and write
CEA000
heap
page read and write
73C000
stack
page read and write
444E000
stack
page read and write
33DF000
stack
page read and write
DD0000
heap
page read and write
C44000
heap
page read and write
15A0000
heap
page read and write
51B000
unkown
page execute and read and write
B44000
heap
page read and write
5FB000
heap
page read and write
4B0F000
stack
page read and write
CEE000
stack
page read and write
61B000
heap
page read and write
2B1F000
stack
page read and write
405F000
stack
page read and write
390000
unkown
page read and write
41DE000
stack
page read and write
3180000
trusted library section
page read and write
61DD000
heap
page read and write
B44000
heap
page read and write
512E000
stack
page read and write
4564000
heap
page read and write
B30000
direct allocation
page read and write
7C64EFF000
stack
page read and write
B44000
heap
page read and write
C44000
heap
page read and write
510000
heap
page read and write
CF5000
heap
page read and write
F3F000
stack
page read and write
7FF72B40D000
unkown
page readonly
C44000
heap
page read and write
B20000
heap
page read and write
B1E000
stack
page read and write
50F1000
heap
page read and write
61D000
heap
page read and write
D4B000
heap
page read and write
1DCFF000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
1DD04000
heap
page read and write
50F1000
heap
page read and write
B44000
heap
page read and write
DBA000
heap
page read and write
B30000
direct allocation
page read and write
CF0000
heap
page read and write
4561000
heap
page read and write
69E000
unkown
page execute and write copy
23DE5000
heap
page read and write
7C651FF000
stack
page read and write
629000
unkown
page execute and write copy
61EF000
heap
page read and write
1DD15000
heap
page read and write
7C654FA000
stack
page read and write
50F1000
heap
page read and write
50F1000
heap
page read and write
23FEF000
stack
page read and write
608000
heap
page read and write
CFF000
heap
page read and write
D6B000
stack
page read and write
1DD0E000
heap
page read and write
B44000
heap
page read and write
1DD30000
heap
page read and write
5B7000
unkown
page execute and write copy
5FF000
unkown
page execute and write copy
35AE000
stack
page read and write
5E8000
unkown
page execute and write copy
6D130000
unkown
page read and write
23D70000
trusted library allocation
page read and write
23DD1000
heap
page read and write
7FF7A21E1000
unkown
page execute read
CF4000
heap
page read and write
1DD08000
heap
page read and write
7014E000
unkown
page read and write
62C000
unkown
page execute and write copy
C6E000
stack
page read and write
2AD9C000
stack
page read and write
4D2B000
stack
page read and write
1DD30000
heap
page read and write
C9B000
heap
page read and write
B44000
heap
page read and write
CA0000
heap
page read and write
B44000
heap
page read and write
CF4000
heap
page read and write
618F000
heap
page read and write
B44000
heap
page read and write
482F000
stack
page read and write
1540000
heap
page read and write
3A0F000
stack
page read and write
39BF000
stack
page read and write
D7250FF000
stack
page read and write
61F000
heap
page read and write
50F1000
heap
page read and write
5FB000
heap
page read and write
427F000
stack
page read and write
5990000
heap
page read and write
15B4000
heap
page read and write
D20000
heap
page read and write
1DD30000
heap
page read and write
33F0000
direct allocation
page read and write
25788DF0000
heap
page read and write
61E01000
direct allocation
page execute read
32A0000
heap
page read and write
329F000
stack
page read and write
537000
unkown
page execute and read and write
B44000
heap
page read and write
CF4000
heap
page read and write
363E000
stack
page read and write
CF8000
heap
page read and write
DA1000
unkown
page execute and write copy
25788ED0000
heap
page read and write
61ED3000
direct allocation
page read and write
685000
unkown
page execute and read and write
61FA000
heap
page read and write
64D000
unkown
page execute and read and write
C44000
heap
page read and write
F07000
unkown
page execute and read and write
430E000
stack
page read and write
C10000
direct allocation
page read and write
1DD0C000
heap
page read and write
4E6F000
stack
page read and write
408E000
stack
page read and write
1DD13000
heap
page read and write
3F6F000
stack
page read and write
226E000
stack
page read and write
550D000
stack
page read and write
CF8000
heap
page read and write
B44000
heap
page read and write
43C1000
heap
page read and write
49A0000
trusted library allocation
page read and write
37EF000
stack
page read and write
4B30000
direct allocation
page execute and read and write
277D000
heap
page read and write
15B4000
heap
page read and write
5110000
heap
page read and write
536C000
stack
page read and write
4B70000
direct allocation
page execute and read and write
4B60000
direct allocation
page execute and read and write
559000
unkown
page execute and read and write
30FF000
stack
page read and write
1A0E000
stack
page read and write
2320000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
2C8E000
stack
page read and write
559000
unkown
page execute and read and write
4C2C000
stack
page read and write
356F000
stack
page read and write
CC6000
heap
page read and write
608000
heap
page read and write
405000
unkown
page execute and write copy
42BE000
stack
page read and write
50F1000
heap
page read and write
314F000
stack
page read and write
B10000
direct allocation
page read and write
579000
unkown
page execute and read and write
C71000
heap
page read and write
B44000
heap
page read and write
25788F8C000
heap
page read and write
50F1000
heap
page read and write
23E70000
trusted library allocation
page read and write
148D000
heap
page read and write
B30000
direct allocation
page read and write
1DD14000
heap
page read and write
6D12F000
unkown
page write copy
C44000
heap
page read and write
3B3E000
stack
page read and write
B44000
heap
page read and write
C44000
heap
page read and write
50F1000
heap
page read and write
5100000
heap
page read and write
500000
heap
page read and write
2930000
direct allocation
page read and write
CF4000
heap
page read and write
686000
unkown
page execute and write copy
5680000
remote allocation
page read and write
15B4000
heap
page read and write
5EF000
heap
page read and write
D724BFF000
stack
page read and write
2C4F000
stack
page read and write
4B70000
direct allocation
page execute and read and write
64D000
unkown
page execute and read and write
20C0000
heap
page read and write
C44000
heap
page read and write
4B10000
direct allocation
page execute and read and write
CC2000
heap
page read and write
C44000
heap
page read and write
700C0000
unkown
page readonly
19B000
stack
page read and write
50F1000
heap
page read and write
61B000
heap
page read and write
B44000
heap
page read and write
7FF72B5B1000
unkown
page write copy
4B1F000
stack
page read and write
612000
heap
page read and write
61F000
heap
page read and write
61F000
heap
page read and write
1281000
unkown
page execute and write copy
1DD14000
heap
page read and write
4BEF000
stack
page read and write
B44000
heap
page read and write
3DBE000
stack
page read and write
5FE000
unkown
page execute and read and write
41F000
unkown
page read and write
B44000
heap
page read and write
57B000
unkown
page execute and read and write
25788F00000
heap
page read and write
56AF000
stack
page read and write
5FB000
heap
page read and write
50F1000
heap
page read and write
23E4A000
heap
page read and write
1DCF3000
heap
page read and write
57B000
unkown
page execute and read and write
1D66D000
stack
page read and write
2C9E000
stack
page read and write
1D9FD000
stack
page read and write
3CDE000
stack
page read and write
1E875A79000
heap
page read and write
431E000
stack
page read and write
869C000
stack
page read and write
4561000
heap
page read and write
C9E000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
64C000
unkown
page execute and write copy
3F1F000
stack
page read and write
5B9F000
stack
page read and write
3E0E000
stack
page read and write
D0B000
heap
page read and write
1DD11000
heap
page read and write
392000
unkown
page execute and write copy
3D7F000
stack
page read and write
1DD1F000
heap
page read and write
3F9000
unkown
page write copy
1DCFB000
heap
page read and write
3F2000
unkown
page execute and write copy
C44000
heap
page read and write
7FF7A239D000
unkown
page readonly
5BA8000
heap
page read and write
23DB1000
heap
page read and write
602000
unkown
page execute and read and write
351F000
stack
page read and write
2930000
direct allocation
page read and write
561000
unkown
page execute and read and write
1E875A81000
heap
page read and write
602000
unkown
page execute and read and write
59F000
unkown
page execute and write copy
391000
unkown
page execute and write copy
60E000
heap
page read and write
603000
heap
page read and write
B44000
heap
page read and write
4561000
heap
page read and write
15B4000
heap
page read and write
3A1F000
stack
page read and write
1E875A83000
heap
page read and write
608000
heap
page read and write
624000
unkown
page execute and write copy
1DD30000
heap
page read and write
277B000
heap
page read and write
27DF000
stack
page read and write
B44000
heap
page read and write
5FB000
heap
page read and write
68E000
unkown
page execute and read and write
4FA000
unkown
page readonly
4AEE000
stack
page read and write
5EF000
heap
page read and write
61ED0000
direct allocation
page read and write
673000
unkown
page execute and write copy
15B4000
heap
page read and write
50F1000
heap
page read and write
587000
unkown
page execute and read and write
B44000
heap
page read and write
626000
unkown
page execute and write copy
524000
unkown
page execute and write copy
D10000
direct allocation
page read and write
4561000
heap
page read and write
608000
heap
page read and write
15B4000
heap
page read and write
3F0F000
stack
page read and write
15B4000
heap
page read and write
4561000
heap
page read and write
1DD15000
heap
page read and write
50F1000
heap
page read and write
B30000
direct allocation
page read and write
B40000
heap
page read and write
49D0000
direct allocation
page execute and read and write
B44000
heap
page read and write
B30000
direct allocation
page read and write
1DD0A000
heap
page read and write
B44000
heap
page read and write
E03000
heap
page read and write
313E000
stack
page read and write
56D0000
direct allocation
page execute and read and write
369E000
stack
page read and write
4B20000
direct allocation
page execute and read and write
392000
unkown
page execute and read and write
43D1000
heap
page read and write
4B30000
direct allocation
page execute and read and write
49D0000
direct allocation
page execute and read and write
37CE000
stack
page read and write
50F1000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
6CF50000
unkown
page readonly
54AE000
stack
page read and write
37DE000
stack
page read and write
1DD1C000
heap
page read and write
15B4000
heap
page read and write
690000
unkown
page execute and write copy
7FF72B5B2000
unkown
page read and write
327E000
stack
page read and write
4580000
heap
page read and write
1D62F000
stack
page read and write
CF4000
heap
page read and write
1DD09000
heap
page read and write
1DE00000
trusted library allocation
page read and write
3427000
heap
page read and write
1E8773E0000
heap
page read and write
584000
unkown
page execute and write copy
2ADA0000
heap
page read and write
1DD2D000
heap
page read and write
D62000
stack
page read and write
5DC0000
heap
page read and write
1DD10000
heap
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
50F1000
heap
page read and write
23DFC000
heap
page read and write
4B80000
direct allocation
page execute and read and write
4FEE000
stack
page read and write
61B000
heap
page read and write
D67000
stack
page read and write
5FB000
unkown
page execute and write copy
603000
heap
page read and write
1550000
heap
page read and write
5FB000
heap
page read and write
B44000
heap
page read and write
603000
heap
page read and write
61B000
heap
page read and write
7C652FE000
stack
page read and write
3AFF000
stack
page read and write
C44000
heap
page read and write
4FB000
unkown
page execute and write copy
15B4000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
3F9000
unkown
page write copy
27BF000
stack
page read and write
222F000
stack
page read and write
B44000
heap
page read and write
3C3F000
stack
page read and write
B44000
heap
page read and write
CF4000
heap
page read and write
690000
unkown
page execute and write copy
4561000
heap
page read and write
5FE000
unkown
page execute and read and write
1DCFB000
heap
page read and write
B45000
heap
page read and write
15B4000
heap
page read and write
526E000
stack
page read and write
612000
heap
page read and write
1DD09000
heap
page read and write
5C1000
unkown
page execute and read and write
408000
unkown
page readonly
1DCE6000
heap
page read and write
3410000
direct allocation
page read and write
50F1000
heap
page read and write
3410000
direct allocation
page read and write
1DD0A000
heap
page read and write
6CF51000
unkown
page execute read
7C655FD000
stack
page read and write
B44000
heap
page read and write
1DD0F000
heap
page read and write
33F0000
direct allocation
page read and write
50F1000
heap
page read and write
2D3F000
stack
page read and write
15B4000
heap
page read and write
617000
heap
page read and write
5FF000
unkown
page execute and write copy
1D76F000
stack
page read and write
B44000
heap
page read and write
B44000
heap
page read and write
603000
heap
page read and write
1DD15000
heap
page read and write
3F5E000
stack
page read and write
7FF7A2549000
unkown
page readonly
1492000
heap
page read and write
15B4000
heap
page read and write
5710000
direct allocation
page execute and read and write
50F1000
heap
page read and write
CF4000
heap
page read and write
7FF72B5AE000
unkown
page write copy
328F000
stack
page read and write
405000
unkown
page execute and write copy
C1E000
stack
page read and write
C10000
direct allocation
page read and write
D27000
heap
page read and write
32CE000
stack
page read and write
2940000
heap
page read and write
50F5000
heap
page read and write
68B000
unkown
page execute and read and write
D2C000
heap
page read and write
1DD13000
heap
page read and write
496F000
stack
page read and write
15B4000
heap
page read and write
E10000
heap
page read and write
5E7000
unkown
page execute and read and write
D724FFE000
stack
page read and write
1DCFB000
heap
page read and write
B44000
heap
page read and write
4BD0000
direct allocation
page execute and read and write
323F000
stack
page read and write
5D9E000
stack
page read and write
5B7000
unkown
page execute and write copy
488E000
stack
page read and write
4B90000
direct allocation
page execute and read and write
1D52E000
stack
page read and write
6190000
heap
page read and write
7FF7A2546000
unkown
page read and write
C44000
heap
page read and write
3080000
heap
page read and write
C44000
heap
page read and write
4B40000
direct allocation
page execute and read and write
4C2E000
stack
page read and write
49B0000
direct allocation
page execute and read and write
49AE000
stack
page read and write
4A20000
direct allocation
page execute and read and write
23DE0000
heap
page read and write
CF8000
heap
page read and write
5EF000
heap
page read and write
CF4000
heap
page read and write
B45000
heap
page read and write
C44000
heap
page read and write
33F0000
direct allocation
page read and write