IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsGCBKFBFCGI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AFHDAKJKFCFBGCBGDHCBAFCAKE
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EHCFBFBAEBKJKEBGCAEHCFCBAE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\HCFCAAEBGCAKKFIDBKJJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\HDGDGHCA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\IIEBGIDAAFHIJJJJEGCG
ASCII text, with very long lines (1765), with CRLF line terminators
dropped
C:\ProgramData\JDGIIDHJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JDGIIDHJEBGIDHJJDBKE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\07e4f568-43c0-41ad-ac33-f0c2a7d6c3ba.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1cb98e81-56c5-411a-b621-fd932782379b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\260fb67d-73c4-471a-a1a2-c0a65bdfb4ee.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3b9cf1c6-5067-4ccd-8bbb-cdcb57cc6da2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\332d5c4f-3fb8-4395-9ce3-7e963ada8de0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-674572C3-1F50.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-674572C4-B1C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2e4587c4-0cff-488d-9d46-6073f5868576.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\622007ec-112e-46de-9aef-f7d70818ee5c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7f6b4314-adb6-47ce-a4ed-f736fcf9e4bc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7a22f2a3-2aec-4726-8cdc-1e337a31a762.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\93f7ac40-6da7-40fe-991a-c787820a962b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9e16ee97-2942-471e-b276-eb0ab7cad98b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9f6c51dc-0b1b-46c6-83be-4605b36fba39.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3ae33.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2a0ba.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2b23f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b8810e1f-6b0d-42a1-a8d3-3fef7cbdbbab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ccdb77e2-9f57-44e5-a26f-c41b172208d8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e7b6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF32898.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF39dc8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2e7c6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF320c8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF31dab.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377078214696418
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\12105fad-69a0-455f-b389-9948fb2d378e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1788bbbf-5fa1-4e89-95be-9192587ce4d4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6e932a4a-c2be-4b68-90ea-f72e42c1fa6f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\78b83ddc-812c-48f9-8a56-fbac1460a618.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2b26e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b41a2f19-003e-4c23-8536-d6781e2220a2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b54cb776-8bb9-401b-8fdc-24e9d043f475.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c9d941da-178e-477a-a8b9-c17ce24f870a.tmp
Unicode text, UTF-8 text, with very long lines (16677), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d0b664f7-c749-4cea-ad5a-e95ea9406909.tmp
Unicode text, UTF-8 text, with very long lines (17435), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\eadfcd57-e90e-406d-9865-6a6e93c3ef77.tmp
Unicode text, UTF-8 text, with very long lines (17435), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\eba9424d-48e7-408f-8b16-c8a2cef598e3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ec5772e8-a661-4934-9358-78335a8267fe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28af0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28b2f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28d23.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b368.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2f080.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39d99.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3f89a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a6b9c9d6-2d5d-4255-90ce-5f8b726da870.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bca07e44-f260-4e82-91a0-eb0a4e51b20b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\de241286-e0a2-4a40-be94-f44ed7870243.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f341a91e-f0b9-48cf-acf4-41608a554358.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\014579d5-e488-4723-96f5-b1be3076e886.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\1009228001\d59148a0e0.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\3abfa2be-526e-4097-a147-121566e40953.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4af4e8d0-a35f-4e82-9482-956372ef5806.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\4f9d6f7b-f595-4638-be30-6e0ff22b07bf.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\a7fe0691-8f36-4997-9e70-c72ab74f7809.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\aeb93502-490d-417f-aafc-956a3dfaf1db.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\f00cf63f-bb8a-469f-828b-8c92683bf063.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\014579d5-e488-4723-96f5-b1be3076e886.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1042602302\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1518198574\4af4e8d0-a35f-4e82-9482-956372ef5806.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1518198574\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1518198574\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1518198574\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir2844_1518198574\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 06:03:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 06:03:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 06:03:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 06:03:24 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 06:03:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 469
ASCII text, with very long lines (3326)
downloaded
Chrome Cache Entry: 470
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 471
ASCII text
downloaded
Chrome Cache Entry: 472
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 473
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 474
SVG Scalable Vector Graphics image
downloaded
There are 287 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1900,i,14079970636101778942,3824482336983158342,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2488 --field-trial-handle=2268,i,2486232455654180400,10786844336549321907,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2056,i,7325249786665411289,8704774257249683025,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6880 --field-trial-handle=2056,i,7325249786665411289,8704774257249683025,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7048 --field-trial-handle=2056,i,7325249786665411289,8704774257249683025,262144 /prefetch:8
malicious
C:\Users\user\DocumentsGCBKFBFCGI.exe
"C:\Users\user\DocumentsGCBKFBFCGI.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7160 --field-trial-handle=2056,i,7325249786665411289,8704774257249683025,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGCBKFBFCGI.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 5 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732604626690&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.17
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://sb.scorecardresearch.com/
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://31.41.244.11/
unknown
http://31.41.244.11/files/random.exeem32
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
http://31.41.244.11/files/random.exeft
unknown
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://sb.scorecardresearch.com/b2?rn=1732604626696&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2A1C8E46DA6B6D3B073F9B05DB6A6C89&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
108.139.47.92
http://31.41.244.11/files/random.exe131d
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.100
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
https://web.telegram.org/
unknown
http://185.215.113.16/mine/random.exe~
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
http://185.215.113.206/c4becf79229cb002.phpb8E
unknown
https://mozilla.org0/
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
https://drive-daily-2.corp.google.com/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://msn.comXIDv106a
unknown
https://assets.msn.com
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732604633591&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.17
https://drive-daily-5.corp.google.com/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
http://31.41.244.11/215.113.43/Zu7JuNko/index.php
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
http://31.41.244.11/files/random.exej.
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://chromewebstore.google.com/
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://sb.scorecardresearch.com/b?rn=1732604626696&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2A1C8E46DA6B6D3B073F9B05DB6A6C89&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.165.220.106
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
http://185.215.113.43/Zu7JuNko/index.phpoST
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732604633477&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.17
https://m.kugou.com/
unknown
http://31.41.244.11/files/random.exe50623oded
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
http://31.41.244.11/32
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
142.250.181.97
http://185.215.113.206/c4becf79229cb002.phpf
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
https://powerpoint.new?from=EdgeM365Shoreline
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://tidal.com/
unknown
https://ntp.msn.com
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
172.217.17.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.106
www.google.com
142.250.181.100
b-0005.b-dc-msedge.net
13.107.9.158
googlehosted.l.googleusercontent.com
142.250.181.97
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.8
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.40
unknown
United States
18.165.220.106
sb.scorecardresearch.com
United States
152.195.19.97
unknown
United States
23.200.3.19
unknown
United States
20.189.173.17
unknown
United States
162.159.61.3
unknown
United States
108.139.47.92
unknown
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
104.40.82.182
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
13.107.9.158
b-0005.b-dc-msedge.net
United States
31.41.244.11
unknown
Russian Federation
172.217.17.78
plus.l.google.com
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
185.215.113.16
unknown
Portugal
142.250.181.100
www.google.com
United States
239.255.255.250
unknown
Reserved
20.96.153.111
unknown
United States
23.44.201.5
unknown
United States
23.44.201.4
unknown
United States
23.209.72.21
unknown
United States
142.250.181.97
googlehosted.l.googleusercontent.com
United States
127.0.0.1
unknown
unknown
204.79.197.203
unknown
United States
There are 18 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197748
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197748
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197748
WindowTabManagerFileMappingId
There are 142 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
7D1000
unkown
page execute and read and write
 malicious
661000
unkown
page execute and read and write
 malicious
4FC0000
direct allocation
page read and write
 malicious
F2E000
heap
page read and write
 malicious
7D1000
unkown
page execute and read and write
 malicious
5640000
direct allocation
page read and write
 malicious
4C80000
direct allocation
page read and write
 malicious
E41000
unkown
page execute and read and write
 malicious
5140000
direct allocation
page read and write
 malicious
1334000
heap
page read and write
3B3F000
stack
page read and write
349F000
stack
page read and write
18D4000
heap
page read and write
1A7D000
heap
page read and write
453F000
stack
page read and write
6AA5000
heap
page read and write
399F000
stack
page read and write
4801000
heap
page read and write
18B0000
direct allocation
page read and write
5340000
direct allocation
page execute and read and write
18D4000
heap
page read and write
5140000
direct allocation
page read and write
2F7F000
stack
page read and write
3F0000
heap
page read and write
E54000
heap
page read and write
6CAF1000
unkown
page execute read
1D2F1000
heap
page read and write
18B0000
direct allocation
page read and write
23556000
heap
page read and write
160E000
stack
page read and write
CD1000
unkown
page execute and write copy
4A7E000
stack
page read and write
3B7E000
stack
page read and write
4B31000
heap
page read and write
52C0000
trusted library allocation
page read and write
23710000
trusted library allocation
page read and write
546E000
stack
page read and write
4810000
heap
page read and write
433E000
stack
page read and write
237A0000
heap
page read and write
18D4000
heap
page read and write
389E000
stack
page read and write
1330000
heap
page read and write
4B31000
heap
page read and write
4B20000
direct allocation
page read and write
1D2FE000
heap
page read and write
4B31000
heap
page read and write
4C80000
direct allocation
page read and write
4B31000
heap
page read and write
23490000
heap
page read and write
37BE000
stack
page read and write
839000
unkown
page write copy
1430000
direct allocation
page read and write
4BBE000
stack
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
FD3000
heap
page read and write
59DB000
stack
page read and write
4E10000
direct allocation
page execute and read and write
E54000
heap
page read and write
48FF000
stack
page read and write
443F000
stack
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
38FE000
stack
page read and write
18B0000
direct allocation
page read and write
18D4000
heap
page read and write
18B0000
direct allocation
page read and write
18D4000
heap
page read and write
1334000
heap
page read and write
18D4000
heap
page read and write
4CC1000
heap
page read and write
1D2DF000
heap
page read and write
E54000
heap
page read and write
46BE000
stack
page read and write
1D2F1000
heap
page read and write
2C50000
direct allocation
page read and write
4B31000
heap
page read and write
18B0000
direct allocation
page read and write
1D2E9000
heap
page read and write
4B31000
heap
page read and write
146E000
heap
page read and write
4801000
heap
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
23533000
heap
page read and write
5300000
direct allocation
page execute and read and write
4B31000
heap
page read and write
3E0000
heap
page read and write
5310000
direct allocation
page execute and read and write
C7F000
unkown
page execute and read and write
1D30C000
heap
page read and write
1AD2000
heap
page read and write
1430000
direct allocation
page read and write
4CC1000
heap
page read and write
1D2E7000
heap
page read and write
AD4000
unkown
page execute and read and write
3E3E000
stack
page read and write
363F000
stack
page read and write
4801000
heap
page read and write
13BE000
stack
page read and write
E54000
heap
page read and write
1430000
direct allocation
page read and write
1455000
heap
page read and write
18D4000
heap
page read and write
1AAE000
heap
page read and write
18D4000
heap
page read and write
5790000
direct allocation
page execute and read and write
8AA000
unkown
page write copy
39FF000
stack
page read and write
141E000
stack
page read and write
18D4000
heap
page read and write
45BE000
stack
page read and write
4801000
heap
page read and write
832000
unkown
page execute and read and write
39DE000
stack
page read and write
1A9E000
heap
page read and write
42FE000
stack
page read and write
18D4000
heap
page read and write
307F000
stack
page read and write
7D0000
unkown
page read and write
4B31000
heap
page read and write
E54000
heap
page read and write
B3F000
unkown
page execute and read and write
4801000
heap
page read and write
18D4000
heap
page read and write
18D0000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
2ED7000
heap
page read and write
4801000
heap
page read and write
1D307000
heap
page read and write
467F000
stack
page read and write
5140000
direct allocation
page execute and read and write
1D2E9000
heap
page read and write
1D2EB000
heap
page read and write
23543000
heap
page read and write
465E000
stack
page read and write
7D1000
unkown
page execute and write copy
4801000
heap
page read and write
1D30C000
heap
page read and write
4E10000
direct allocation
page execute and read and write
E54000
heap
page read and write
7A00000
heap
page read and write
1D30C000
heap
page read and write
357E000
stack
page read and write
4801000
heap
page read and write
18D5000
heap
page read and write
18D4000
heap
page read and write
3EDE000
stack
page read and write
2BCE000
stack
page read and write
18B0000
direct allocation
page read and write
6E2E000
stack
page read and write
18D4000
heap
page read and write
3D5F000
stack
page read and write
18B0000
direct allocation
page read and write
4801000
heap
page read and write
E54000
heap
page read and write
4B20000
direct allocation
page read and write
235FD000
stack
page read and write
1D2E5000
heap
page read and write
F1E000
stack
page read and write
4A1E000
stack
page read and write
4B31000
heap
page read and write
461F000
stack
page read and write
F88000
heap
page read and write
55AE000
stack
page read and write
1D2F0000
heap
page read and write
18D4000
heap
page read and write
F2A000
heap
page read and write
2C50000
direct allocation
page read and write
34DE000
stack
page read and write
2EDD000
heap
page read and write
3E9F000
stack
page read and write
1D2E3000
heap
page read and write
18D5000
heap
page read and write
7A7E000
stack
page read and write
6CCD0000
unkown
page read and write
1D2DD000
heap
page read and write
5B4E000
stack
page read and write
61E00000
direct allocation
page execute and read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
1D2F1000
heap
page read and write
1D2FE000
heap
page read and write
8AA000
unkown
page read and write
4B31000
heap
page read and write
4B20000
direct allocation
page read and write
12EF000
unkown
page execute and read and write
1D2DF000
heap
page read and write
4B20000
direct allocation
page read and write
5A8C000
stack
page read and write
457E000
stack
page read and write
18D4000
heap
page read and write
52C0000
direct allocation
page execute and read and write
1144000
unkown
page execute and read and write
51C1000
heap
page read and write
41BE000
stack
page read and write
363F000
stack
page read and write
1D2DF000
heap
page read and write
1153000
unkown
page execute and write copy
48FF000
stack
page read and write
52D0000
direct allocation
page execute and read and write
493E000
stack
page read and write
FC2000
heap
page read and write
2C50000
direct allocation
page read and write
51C0000
direct allocation
page execute and read and write
5790000
direct allocation
page execute and read and write
18D4000
heap
page read and write
1430000
direct allocation
page read and write
18D4000
heap
page read and write
46BF000
stack
page read and write
4B31000
heap
page read and write
353F000
stack
page read and write
7910000
heap
page read and write
335F000
stack
page read and write
18D4000
heap
page read and write
3C1F000
stack
page read and write
1CC4E000
stack
page read and write
4B31000
heap
page read and write
1400000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
4B31000
heap
page read and write
542F000
stack
page read and write
567E000
stack
page read and write
467F000
stack
page read and write
1D11C000
stack
page read and write
48DE000
stack
page read and write
1D2F1000
heap
page read and write
898000
unkown
page execute and read and write
5780000
direct allocation
page execute and read and write
2C50000
direct allocation
page read and write
AE2000
unkown
page execute and read and write
407E000
stack
page read and write
377F000
stack
page read and write
33DE000
stack
page read and write
61ED4000
direct allocation
page readonly
51BF000
stack
page read and write
517E000
stack
page read and write
4B31000
heap
page read and write
4801000
heap
page read and write
32FE000
stack
page read and write
457F000
stack
page read and write
EAB000
unkown
page execute and read and write
1D2D7000
heap
page read and write
2C4E000
stack
page read and write
137E000
stack
page read and write
4CC1000
heap
page read and write
4801000
heap
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
1A5F000
heap
page read and write
1ABE000
heap
page read and write
B40000
unkown
page execute and write copy
96F0000
heap
page read and write
E54000
heap
page read and write
137E000
stack
page read and write
4B31000
heap
page read and write
4CBF000
stack
page read and write
61EB4000
direct allocation
page read and write
403F000
stack
page read and write
E54000
heap
page read and write
4B31000
heap
page read and write
4B20000
direct allocation
page read and write
18D4000
heap
page read and write
8AC000
unkown
page execute and read and write
1300000
heap
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
4801000
heap
page read and write
4801000
heap
page read and write
4CB6000
direct allocation
page read and write
52A0000
direct allocation
page execute and read and write
3CBE000
stack
page read and write
C81000
unkown
page execute and write copy
E54000
heap
page read and write
33FF000
stack
page read and write
47BF000
stack
page read and write
1220000
heap
page read and write
4801000
heap
page read and write
E50000
heap
page read and write
23590000
trusted library allocation
page read and write
146A000
heap
page read and write
E54000
heap
page read and write
407E000
stack
page read and write
18D4000
heap
page read and write
141B000
heap
page read and write
1D2D6000
heap
page read and write
E54000
heap
page read and write
1D2E3000
heap
page read and write
42FF000
stack
page read and write
411F000
stack
page read and write
1AED000
heap
page read and write
12F1000
unkown
page execute and write copy
5130000
direct allocation
page execute and read and write
1430000
direct allocation
page read and write
417F000
stack
page read and write
4801000
heap
page read and write
1CC0F000
stack
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
37BE000
stack
page read and write
4801000
heap
page read and write
4FC0000
direct allocation
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
832000
unkown
page execute and read and write
18D4000
heap
page read and write
FBD000
stack
page read and write
7901000
heap
page read and write
EA9000
unkown
page write copy
4B31000
heap
page read and write
580F000
stack
page read and write
A9E000
unkown
page execute and read and write
970F000
heap
page read and write
51C1000
heap
page read and write
1D25D000
stack
page read and write
32BF000
stack
page read and write
E54000
heap
page read and write
4B31000
heap
page read and write
1D2D5000
heap
page read and write
4801000
heap
page read and write
4801000
heap
page read and write
18D4000
heap
page read and write
375E000
stack
page read and write
18D4000
heap
page read and write
1470000
heap
page read and write
18B0000
direct allocation
page read and write
2ED0000
heap
page read and write
1D305000
heap
page read and write
18D5000
heap
page read and write
4801000
heap
page read and write
18D4000
heap
page read and write
479E000
stack
page read and write
1430000
direct allocation
page read and write
1D30A000
heap
page read and write
1D2D7000
heap
page read and write
570E000
stack
page read and write
3437000
heap
page read and write
18D4000
heap
page read and write
7CBC000
stack
page read and write
4801000
heap
page read and write
1430000
direct allocation
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
E54000
heap
page read and write
343E000
stack
page read and write
1152000
unkown
page execute and read and write
4801000
heap
page read and write
532E000
stack
page read and write
18B0000
direct allocation
page read and write
4C80000
direct allocation
page read and write
1CD8D000
stack
page read and write
52C0000
direct allocation
page execute and read and write
FC7000
heap
page read and write
1AAF000
heap
page read and write
4B31000
heap
page read and write
4B31000
heap
page read and write
4B31000
heap
page read and write
5790000
direct allocation
page execute and read and write
4E30000
direct allocation
page execute and read and write
4801000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
61ECD000
direct allocation
page readonly
18D4000
heap
page read and write
4801000
heap
page read and write
96EC000
stack
page read and write
A9E000
unkown
page execute and read and write
5790000
direct allocation
page execute and read and write
50FF000
stack
page read and write
1D2F1000
heap
page read and write
56A1000
direct allocation
page read and write
E54000
heap
page read and write
1D2F0000
heap
page read and write
1D2E7000
heap
page read and write
13BC000
stack
page read and write
1460000
heap
page read and write
4801000
heap
page read and write
18B0000
direct allocation
page read and write
42FE000
stack
page read and write
4B20000
direct allocation
page read and write
52B0000
direct allocation
page execute and read and write
7D0000
unkown
page readonly
236FD000
stack
page read and write
18B0000
direct allocation
page read and write
18D4000
heap
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
43FF000
stack
page read and write
E54000
heap
page read and write
1D2FE000
heap
page read and write
AE2000
unkown
page execute and write copy
4B31000
heap
page read and write
5140000
direct allocation
page execute and read and write
18D4000
heap
page read and write
C81000
unkown
page execute and write copy
18D4000
heap
page read and write
DEE000
stack
page read and write
4800000
heap
page read and write
47FE000
stack
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
5820000
direct allocation
page execute and read and write
4801000
heap
page read and write
377F000
stack
page read and write
DDE000
stack
page read and write
77BA000
heap
page read and write
4B31000
heap
page read and write
1334000
heap
page read and write
18D4000
heap
page read and write
1A0E000
heap
page read and write
2C50000
direct allocation
page read and write
343E000
heap
page read and write
3FDF000
stack
page read and write
18D4000
heap
page read and write
18B0000
direct allocation
page read and write
49DF000
stack
page read and write
34FF000
stack
page read and write
51C0000
heap
page read and write
ACA000
unkown
page execute and read and write
7D1000
unkown
page execute and write copy
19F0000
direct allocation
page execute and read and write
234B0000
heap
page read and write
18B0000
direct allocation
page read and write
52C0000
direct allocation
page execute and read and write
52C0000
direct allocation
page execute and read and write
EA9000
unkown
page write copy
B00000
unkown
page execute and read and write
839000
unkown
page write copy
4B31000
heap
page read and write
1D305000
heap
page read and write
6CA50000
unkown
page readonly
57E0000
direct allocation
page execute and read and write
489F000
stack
page read and write
18D4000
heap
page read and write
4E00000
direct allocation
page execute and read and write
3CBE000
stack
page read and write
6AA6000
heap
page read and write
1D3E8000
heap
page read and write
A27000
unkown
page execute and read and write
6CAF000
stack
page read and write
4B31000
heap
page read and write
6CADE000
unkown
page read and write
1D30B000
heap
page read and write
6E4000
unkown
page execute and read and write
18D4000
heap
page read and write
4801000
heap
page read and write
4801000
heap
page read and write
37FE000
stack
page read and write
AE2000
unkown
page execute and read and write
2EAF000
stack
page read and write
1CFDF000
stack
page read and write
1D2ED000
heap
page read and write
E54000
heap
page read and write
4801000
heap
page read and write
317E000
stack
page read and write
1D2F0000
heap
page read and write
1D2FE000
heap
page read and write
1430000
direct allocation
page read and write
4801000
heap
page read and write
5170000
direct allocation
page execute and read and write
18D4000
heap
page read and write
E54000
heap
page read and write
1AE8000
heap
page read and write
1D2E6000
heap
page read and write
47BF000
stack
page read and write
1D2F1000
heap
page read and write
3DFE000
stack
page read and write
4B31000
heap
page read and write
493E000
stack
page read and write
46BE000
stack
page read and write
18D4000
heap
page read and write
321F000
stack
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
1D309000
heap
page read and write
1D15D000
stack
page read and write
1334000
heap
page read and write
237B4000
heap
page read and write
4B31000
heap
page read and write
83B000
unkown
page execute and read and write
1ACF000
heap
page read and write
3CFE000
stack
page read and write
18D4000
heap
page read and write
7D0000
unkown
page read and write
EBC000
stack
page read and write
18D4000
heap
page read and write
1D2C2000
heap
page read and write
57A0000
direct allocation
page execute and read and write
1D2D7000
heap
page read and write
4801000
heap
page read and write
4B31000
heap
page read and write
4B40000
heap
page read and write
4B31000
heap
page read and write
16FA000
stack
page read and write
4B31000
heap
page read and write
E54000
heap
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
1334000
heap
page read and write
1D2C0000
heap
page read and write
4801000
heap
page read and write
5C4F000
stack
page read and write
1D313000
heap
page read and write
5140000
direct allocation
page execute and read and write
1D2F0000
heap
page read and write
577F000
stack
page read and write
2C50000
direct allocation
page read and write
18D4000
heap
page read and write
23490000
trusted library allocation
page read and write
4F7E000
stack
page read and write
1D2D7000
heap
page read and write
1410000
heap
page read and write
237AC000
heap
page read and write
3B1E000
stack
page read and write
1AD2000
heap
page read and write
4B20000
direct allocation
page read and write
18D4000
heap
page read and write
1D2F8000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
4801000
heap
page read and write
5160000
direct allocation
page execute and read and write
660000
unkown
page read and write
4DFF000
stack
page read and write
4B1F000
stack
page read and write
1D2E7000
heap
page read and write
3DFE000
stack
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
1D2E8000
heap
page read and write
7D0000
unkown
page readonly
18D4000
heap
page read and write
18A0000
heap
page read and write
18D4000
heap
page read and write
1D2DB000
heap
page read and write
6F2F000
stack
page read and write
AD4000
unkown
page execute and read and write
1430000
direct allocation
page read and write
120E000
stack
page read and write
FD9000
heap
page read and write
38FE000
stack
page read and write
2C70000
heap
page read and write
46FE000
stack
page read and write
4B31000
heap
page read and write
36BE000
stack
page read and write
1D3E0000
trusted library allocation
page read and write
4B31000
heap
page read and write
1D30A000
heap
page read and write
4F3F000
stack
page read and write
4B31000
heap
page read and write
2C7E000
heap
page read and write
18D4000
heap
page read and write
6CAF0000
unkown
page readonly
E40000
unkown
page read and write
1D2F0000
heap
page read and write
1D30C000
heap
page read and write
4FFB000
stack
page read and write
5150000
direct allocation
page execute and read and write
1A9E000
heap
page read and write
4B31000
heap
page read and write
1D2FE000
heap
page read and write
1AC7000
heap
page read and write
4B30000
heap
page read and write
52C0000
direct allocation
page execute and read and write
6A7E000
stack
page read and write
2C50000
direct allocation
page read and write
4B31000
heap
page read and write
4CC1000
heap
page read and write
18D4000
heap
page read and write
6CEE000
stack
page read and write
4B31000
heap
page read and write
4801000
heap
page read and write
18D4000
heap
page read and write
3A3E000
stack
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
385E000
stack
page read and write
B3F000
unkown
page execute and write copy
393E000
stack
page read and write
DF0000
heap
page read and write
1D2FE000
heap
page read and write
1458000
heap
page read and write
1457000
heap
page read and write
3DBF000
stack
page read and write
1CE8E000
stack
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
1430000
direct allocation
page read and write
39FF000
stack
page read and write
3D9E000
stack
page read and write
6CACD000
unkown
page readonly
6CAE2000
unkown
page readonly
5140000
direct allocation
page execute and read and write
4B7F000
stack
page read and write
AE3000
unkown
page execute and write copy
2A40C000
stack
page read and write
30DF000
stack
page read and write
1AED000
heap
page read and write
4801000
heap
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
5120000
direct allocation
page execute and read and write
18D4000
heap
page read and write
353F000
stack
page read and write
65E000
stack
page read and write
367F000
stack
page read and write
1D2E7000
heap
page read and write
35DF000
stack
page read and write
1D30A000
heap
page read and write
18D4000
heap
page read and write
4B20000
direct allocation
page read and write
4801000
heap
page read and write
1A9E000
heap
page read and write
32BE000
stack
page read and write
451E000
stack
page read and write
1D313000
heap
page read and write
311E000
stack
page read and write
7BBC000
stack
page read and write
51C1000
heap
page read and write
1ABE000
heap
page read and write
1A00000
heap
page read and write
47FF000
stack
page read and write
339E000
stack
page read and write
237B2000
heap
page read and write
4801000
heap
page read and write
23351000
heap
page read and write
1D313000
heap
page read and write
407F000
stack
page read and write
52EB000
stack
page read and write
7C7000
unkown
page execute and read and write
41FE000
stack
page read and write
1D2F0000
heap
page read and write
4C30000
trusted library allocation
page read and write
1D01D000
stack
page read and write
1152000
unkown
page execute and write copy
4801000
heap
page read and write
1D306000
heap
page read and write
4853000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
F71000
heap
page read and write
5021000
direct allocation
page read and write
4A7E000
stack
page read and write
6DEF000
stack
page read and write
2C50000
direct allocation
page read and write
4CFE000
stack
page read and write
4B31000
heap
page read and write
439F000
stack
page read and write
6CC8F000
unkown
page readonly
DD8000
stack
page read and write
1D30C000
heap
page read and write
1D2DF000
heap
page read and write
661000
unkown
page execute and write copy
1450000
heap
page read and write
3F7E000
stack
page read and write
1ABF000
heap
page read and write
5330000
direct allocation
page execute and read and write
E54000
heap
page read and write
1AEA000
heap
page read and write
3C5E000
stack
page read and write
51E0000
direct allocation
page execute and read and write
1D30C000
heap
page read and write
5790000
direct allocation
page execute and read and write
475F000
stack
page read and write
18D4000
heap
page read and write
2C7B000
heap
page read and write
3ADF000
stack
page read and write
F6E000
heap
page read and write
44DF000
stack
page read and write
1ABE000
heap
page read and write
3B3F000
stack
page read and write
2B8F000
stack
page read and write
18D4000
heap
page read and write
5110000
direct allocation
page execute and read and write
18D4000
heap
page read and write
51A1000
direct allocation
page read and write
1A7A000
heap
page read and write
2C50000
direct allocation
page read and write
4B20000
direct allocation
page read and write
7910000
heap
page read and write
18D4000
heap
page read and write
FBE000
heap
page read and write
1D305000
heap
page read and write
18D5000
heap
page read and write
4B7F000
stack
page read and write
1430000
direct allocation
page read and write
4B31000
heap
page read and write
234F3000
heap
page read and write
1D2D9000
heap
page read and write
18D4000
heap
page read and write
52F0000
direct allocation
page execute and read and write
371F000
stack
page read and write
4E20000
direct allocation
page execute and read and write
4CC0000
heap
page read and write
18D4000
heap
page read and write
1AC7000
heap
page read and write
23490000
trusted library allocation
page read and write
2FFF000
stack
page read and write
FA6000
heap
page read and write
1D2F1000
heap
page read and write
4801000
heap
page read and write
3F3E000
stack
page read and write
1D2FE000
heap
page read and write
3B7E000
stack
page read and write
41BF000
stack
page read and write
1D2F1000
heap
page read and write
2D7F000
stack
page read and write
1D30C000
heap
page read and write
D1C000
stack
page read and write
18D4000
heap
page read and write
1D2E7000
heap
page read and write
715000
unkown
page execute and read and write
237BA000
heap
page read and write
11EF000
stack
page read and write
2EB0000
heap
page read and write
61E01000
direct allocation
page execute read
E54000
heap
page read and write
453F000
stack
page read and write
4E3E000
stack
page read and write
2C77000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
1D30C000
heap
page read and write
4A3F000
stack
page read and write
2C50000
direct allocation
page read and write
18D4000
heap
page read and write
457E000
stack
page read and write
4B31000
heap
page read and write
51B0000
direct allocation
page execute and read and write
1D307000
heap
page read and write
1D30C000
heap
page read and write
2E7F000
stack
page read and write
5190000
direct allocation
page execute and read and write
4801000
heap
page read and write
1A85000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
3C7F000
stack
page read and write
EDC000
stack
page read and write
18D4000
heap
page read and write
425F000
stack
page read and write
18D4000
heap
page read and write
9BD000
unkown
page execute and read and write
E54000
heap
page read and write
77B0000
heap
page read and write
18D4000
heap
page read and write
38FF000
stack
page read and write
1D305000
heap
page read and write
187E000
stack
page read and write
56AF000
stack
page read and write
58D4000
heap
page read and write
3430000
heap
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
B28000
unkown
page execute and read and write
1334000
heap
page read and write
4801000
heap
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
1D2FC000
heap
page read and write
57F0000
direct allocation
page execute and read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
110E000
unkown
page execute and read and write
1AE8000
heap
page read and write
19E0000
direct allocation
page read and write
18D4000
heap
page read and write
1AC2000
heap
page read and write
4B31000
heap
page read and write
1D305000
heap
page read and write
4B20000
direct allocation
page read and write
18D5000
heap
page read and write
4B31000
heap
page read and write
23535000
heap
page read and write
443E000
stack
page read and write
3CBF000
stack
page read and write
1D2FE000
heap
page read and write
42BF000
stack
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
1D2D8000
heap
page read and write
3C7F000
stack
page read and write
E54000
heap
page read and write
325E000
stack
page read and write
18D4000
heap
page read and write
52E0000
direct allocation
page execute and read and write
C7F000
unkown
page execute and read and write
4B31000
heap
page read and write
4CCB000
stack
page read and write
2C50000
direct allocation
page read and write
4801000
heap
page read and write
18D4000
heap
page read and write
E54000
heap
page read and write
1D2F0000
heap
page read and write
23530000
heap
page read and write
51D0000
direct allocation
page execute and read and write
1D2ED000
heap
page read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
E54000
heap
page read and write
1334000
heap
page read and write
18D4000
heap
page read and write
165F000
stack
page read and write
4801000
heap
page read and write
584D000
stack
page read and write
3F3E000
stack
page read and write
5140000
direct allocation
page read and write
4DF0000
direct allocation
page execute and read and write
4B31000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
183E000
stack
page read and write
6FB0000
trusted library allocation
page read and write
1D2F1000
heap
page read and write
18D4000
heap
page read and write
E54000
heap
page read and write
43DE000
stack
page read and write
1ACF000
heap
page read and write
102D000
unkown
page execute and read and write
CD0000
unkown
page execute and read and write
38BF000
stack
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
E54000
heap
page read and write
4801000
heap
page read and write
1334000
heap
page read and write
2FDF000
stack
page read and write
447E000
stack
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
3BBE000
stack
page read and write
1334000
heap
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
556F000
stack
page read and write
4B31000
heap
page read and write
598D000
stack
page read and write
3EFF000
stack
page read and write
EA2000
unkown
page execute and read and write
5180000
direct allocation
page execute and read and write
18D4000
heap
page read and write
429E000
stack
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
367E000
stack
page read and write
5140000
direct allocation
page execute and read and write
4801000
heap
page read and write
4B20000
direct allocation
page read and write
697000
unkown
page execute and read and write
4B31000
heap
page read and write
4B31000
heap
page read and write
4801000
heap
page read and write
401E000
stack
page read and write
313F000
stack
page read and write
237BA000
heap
page read and write
37BF000
stack
page read and write
1430000
direct allocation
page read and write
18D4000
heap
page read and write
1D306000
heap
page read and write
3F3F000
stack
page read and write
7900000
heap
page read and write
1420000
heap
page read and write
38BF000
stack
page read and write
4801000
heap
page read and write
18D4000
heap
page read and write
57C0000
direct allocation
page execute and read and write
5830000
direct allocation
page execute and read and write
527F000
stack
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
42BF000
stack
page read and write
40BE000
stack
page read and write
1488000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
3A7E000
stack
page read and write
1D2DE000
heap
page read and write
23560000
heap
page read and write
353E000
stack
page read and write
4DE0000
direct allocation
page execute and read and write
19E0000
direct allocation
page read and write
5800000
direct allocation
page execute and read and write
4801000
heap
page read and write
4C80000
direct allocation
page read and write
839000
unkown
page write copy
6A90000
heap
page read and write
1CB0E000
stack
page read and write
233FB000
heap
page read and write
E1E000
stack
page read and write
443E000
stack
page read and write
1CEDE000
stack
page read and write
18D4000
heap
page read and write
33BF000
stack
page read and write
1D2F1000
heap
page read and write
43FF000
stack
page read and write
6CA51000
unkown
page execute read
790E000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
3A3F000
stack
page read and write
F20000
heap
page read and write
327F000
stack
page read and write
18D4000
heap
page read and write
415E000
stack
page read and write
4900000
trusted library allocation
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
4DCF000
stack
page read and write
18D4000
heap
page read and write
57D0000
direct allocation
page execute and read and write
4801000
heap
page read and write
1334000
heap
page read and write
1D307000
heap
page read and write
1D2FE000
heap
page read and write
4B31000
heap
page read and write
4FAC000
stack
page read and write
4DC0000
trusted library allocation
page read and write
E54000
heap
page read and write
5320000
direct allocation
page execute and read and write
4DE0000
heap
page read and write
ACA000
unkown
page execute and read and write
2A411000
heap
page read and write
3DBF000
stack
page read and write
52C0000
direct allocation
page execute and read and write
2C50000
direct allocation
page read and write
72C000
unkown
page execute and read and write
6AA0000
heap
page read and write
594E000
stack
page read and write
31BE000
stack
page read and write
6CCCF000
unkown
page write copy
58D0000
heap
page read and write
7DAC000
stack
page read and write
E40000
heap
page read and write
1D2E3000
heap
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
23513000
heap
page read and write
1D2CB000
heap
page read and write
61ED0000
direct allocation
page read and write
7B7E000
stack
page read and write
12EE000
stack
page read and write
5360000
direct allocation
page execute and read and write
361E000
stack
page read and write
5350000
direct allocation
page execute and read and write
138B000
stack
page read and write
1D2E6000
heap
page read and write
E40000
unkown
page readonly
1A60000
heap
page read and write
18D4000
heap
page read and write
4801000
heap
page read and write
33FE000
stack
page read and write
2C50000
direct allocation
page read and write
E54000
heap
page read and write
4B20000
direct allocation
page read and write
132E000
stack
page read and write
3DFF000
stack
page read and write
1D308000
heap
page read and write
1430000
direct allocation
page read and write
1D318000
heap
page read and write
1D2D8000
heap
page read and write
10FD000
stack
page read and write
4B50000
heap
page read and write
3A3E000
stack
page read and write
61ED3000
direct allocation
page read and write
E54000
heap
page read and write
1D2D5000
heap
page read and write
E54000
heap
page read and write
AE2000
unkown
page execute and write copy
507F000
stack
page read and write
18D4000
heap
page read and write
1334000
heap
page read and write
1BFE000
stack
page read and write
18D4000
heap
page read and write
1334000
heap
page read and write
4B31000
heap
page read and write
4801000
heap
page read and write
4B31000
heap
page read and write
18D5000
heap
page read and write
1459000
heap
page read and write
37C000
stack
page read and write
51DA000
heap
page read and write
4B31000
heap
page read and write
AE3000
unkown
page execute and write copy
4CBF000
stack
page read and write
3420000
direct allocation
page execute and read and write
1D2DF000
heap
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
2A410000
heap
page read and write
5879000
stack
page read and write
47FE000
stack
page read and write
1D2FA000
heap
page read and write
1225000
heap
page read and write
113A000
unkown
page execute and read and write
4A3F000
stack
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
1A7E000
heap
page read and write
E54000
heap
page read and write
18D4000
heap
page read and write
17D0000
heap
page read and write
D80000
heap
page read and write
13FE000
stack
page read and write
1ABE000
heap
page read and write
367E000
stack
page read and write
5790000
direct allocation
page execute and read and write
3EFF000
stack
page read and write
18D4000
heap
page read and write
50BE000
stack
page read and write
4B31000
heap
page read and write
341C000
stack
page read and write
18D4000
heap
page read and write
18D4000
heap
page read and write
1A0A000
heap
page read and write
234D0000
heap
page read and write
839000
unkown
page write copy
4B20000
direct allocation
page read and write
61ECC000
direct allocation
page read and write
1A51000
heap
page read and write
1334000
heap
page read and write
2C50000
direct allocation
page read and write
FCC000
heap
page read and write
E54000
heap
page read and write
18B0000
direct allocation
page read and write
2C0E000
stack
page read and write
4B20000
direct allocation
page read and write
4B31000
heap
page read and write
5140000
direct allocation
page execute and read and write
1D2F0000
heap
page read and write
1D2EB000
heap
page read and write
51A0000
direct allocation
page execute and read and write
317F000
stack
page read and write
4B31000
heap
page read and write
23590000
trusted library allocation
page read and write
2A30B000
stack
page read and write
19DF000
stack
page read and write
3B7F000
stack
page read and write
B31000
unkown
page execute and read and write
57B0000
direct allocation
page execute and read and write
417F000
stack
page read and write
E41000
unkown
page execute and write copy
6CCCE000
unkown
page read and write
18D4000
heap
page read and write
4B31000
heap
page read and write
1334000
heap
page read and write
1ACC000
heap
page read and write
1CD4F000
stack
page read and write
303E000
stack
page read and write
4801000
heap
page read and write
13F0000
heap
page read and write
9BD000
unkown
page execute and read and write
1334000
heap
page read and write
83B000
unkown
page execute and read and write
5810000
direct allocation
page execute and read and write
1ACF000
heap
page read and write
E54000
heap
page read and write
6CCD5000
unkown
page readonly
403F000
stack
page read and write
660000
unkown
page readonly
E54000
heap
page read and write
1430000
direct allocation
page read and write
18D4000
heap
page read and write
1220000
heap
page read and write
41BE000
stack
page read and write
61EB7000
direct allocation
page readonly
51C1000
heap
page read and write
4B31000
heap
page read and write
4FC0000
direct allocation
page read and write
F6C000
heap
page read and write
18D4000
heap
page read and write
1D30C000
heap
page read and write
175F000
stack
page read and write
4BBE000
stack
page read and write
4B31000
heap
page read and write
E9E000
stack
page read and write
E54000
heap
page read and write
DD3000
stack
page read and write
5290000
direct allocation
page execute and read and write
1D2DF000
heap
page read and write
There are 1086 hidden memdumps, click here to show them.