IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe:Zone.Identifier
ASCII text, with CRLF line terminators
modified
 malicious
C:\Users\user\AppData\Local\Temp\1000053001\9963a8aba7.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\1000051000\86cd2764f3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\1000052000\ada2950f18.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\067a40cd-71e9-45b5-8a3c-53c01e0b551a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\0a38c131-ec8e-488e-8796-1497aa787baf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\0d0a1489-0d60-488a-978d-9c3a75cca4dc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\11ecbbbc-1f76-45d3-91ba-eab36cc99a37.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\14e2742e-e51b-4a3d-a7ae-10070001b294.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\17d35daa-f9e3-4c81-a11d-eccfce680849.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\1c171f57-0211-46c1-bd45-6023a6979c39.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\3188aa6a-41b0-45b5-bd3c-e9f32c6b4583.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\4088f7b1-4fb3-4201-871f-2b1c541c4f5e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\46f6a3f7-c35b-4ee1-bb67-d8085721e724.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\4e98e6bf-a3b6-4a4a-b916-577627f66283.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\4ee48009-52bc-48fb-99e1-6a5ce4ad288c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\61e3b796-b431-4ffd-bcac-6fd35b888ac8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\6ea534fb-4fc1-4b7a-acef-43b1b74b2652.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\7faa1e16-1870-4fe1-aa9f-8363b5b4788a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\81f54283-fcc2-4ae5-a620-9c2015531aef.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\97a27ead-7af2-4a74-b2aa-1bfc0bbe4353.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Ad Blocking\83065797-1141-4e72-8e4c-a8ed253e6cc0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics\BrowserMetrics-66D3B9CB-1FF4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\BrowserMetrics\BrowserMetrics-66D3B9CC-1CDC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\02c17093-acde-4195-a8aa-efcdb24612b7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\0c3d83a6-ac3b-4363-81af-5fad4253c270.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\0cfc5a20-2588-47e2-9a49-298e68721690.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\1884762f-d011-4e28-9568-6837def7a143.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\1e3792c1-d766-41c4-b3ec-8d13df2240ba.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\28d3068d-d0ec-4b54-bc4c-3a80a4829ec9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\3967302c-1832-4836-b14d-f14cf92779b4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\420ff533-0457-48df-b21a-1c5cbe48e345.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\42cfd1ff-e7b7-4686-a81e-6c432548fb8b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\7546046b-0793-4614-896d-44f26fb57748.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\797068c4-ca1d-4d37-be1a-9cd36e2693a4.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\7ea703e0-987c-40b2-881e-b3c8898a5174.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\813fbeb9-5973-4507-8810-c7460ef2d293.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\94365ccc-be8a-4102-9a97-1ee85b5e747f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Asset Store\assets.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\AssistanceHome\AssistanceHomeSQLite
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\f_000001
gzip compressed data, was "asset", last modified: Fri Aug 2 18:10:34 2024, max compression, original size modulo 2^32 374872
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\f_000002
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\Cache_Data\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\wasm\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\wasm\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\wasm\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\DawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeEDrop\EdgeEDropSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Rules\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension Scripts\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Extension State\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\ExtensionActivityComp
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\ExtensionActivityEdge
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Favicons
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\GPUCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Action Predictor
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\23605f74-e9c9-4826-b949-0ed455ba44e3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\5dfdc42b-5ab0-4219-995e-633bba0a07cf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State~RF348d2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State~RF40636.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Network Persistent State~RF5ba6e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\SCT Auditing Pending Reports~RF2d4ea.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\cabce6c5-57dc-496c-8a32-e29907aa5119.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\e5d88557-e1cd-4d9d-ba7b-d4fbfd7410aa.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\f338dd11-e0c0-40d7-a8d7-14a56183acc9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\f3c02c3c-15b7-4e84-98c1-4e88ada89eb8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network\f7bd3c61-915b-4ceb-a699-cc066615cc5c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF32bc4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF35fd4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF38f7f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF3be7f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF3ef24.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF41ecf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF44e7a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF47ea2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF4adc1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF4de66.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF50ad5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF53928.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF566fe.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF595a0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF5c25d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF5f237.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RF621e2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\PreferredApps
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\README
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RF331a0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Session Storage\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3ab6b22b-7426-4ac8-b2f1-5df492718fc6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5574ff0b-a249-4fd7-b3dc-94c3b62edefc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\59f74595-b17e-4165-b1f3-5f655c2783ca.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\94e70bdb-23d9-421e-8c8e-4ad49ed1512f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF348d2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF41d67.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f9074a87-11e9-4fa7-9828-7970807e4878.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Top Sites
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Visited Links
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\WebAssistDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\a6a0c716-4edd-41d9-a7d6-0d95e3f621a3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\af004796-fe65-495e-ab4b-2ec5108f0d7c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\b2fb4f36-90f0-4244-8e3b-90b5aa92c533.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\b7ad7ad5-bee8-46f5-999e-5a48974304fb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\c9b67eb6-252f-401a-b05e-f3c0c759c60e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\d035f4ee-746a-4460-8fd4-cd448b551d27.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\eae87afa-4469-4216-91fa-9f28491b3730.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\fa39ee7b-cdb9-4ffe-af79-41bd0e2de2c0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\heavy_ad_intervention_opt_out.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db
SQLite 3.x database, last written using SQLite version 3042000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\shared_proto_db\metadata\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\uu_host_config
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\GraphiteDawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF2c4fc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF2c50b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF2c75d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF2c77c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF2ee9c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF31b88.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF348d2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF377d1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF3a72e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF3d756.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF401c1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF428c2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF455ec.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF47ea2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF4add0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF4deb4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF50ae4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF53957.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF566fe.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF595a0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF5c25d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF5f237.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RF621e2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ShaderCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSynchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\customSynchronousLookupUris_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\edgeSettings_2.0-0
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\aa035928-a104-4445-87e3-a219cdf38204.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\c7fad62f-a751-4592-a613-e473e0ba8fea.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\c856e3bb-85c2-4fe1-97c6-440be1c56de6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\ccc1e4a0-52e7-4fc9-bcb2-ec9376860048.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\e1413837-647e-4177-bc0d-7f0c47906757.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\e9fc9751-17b9-40f5-a48d-895f7393fd6c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data Kiosk\f636c6ab-8594-4652-b934-33963b2efb72.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\14ca3783-5c6e-41d1-bc42-01b4c549e9a6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1585d8e5-0279-485d-8654-09e227755f75.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2b96d871-bd2c-4542-a9f5-70958db7cb8a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\43422bd2-4a78-4acb-b07c-16f9e1ba2c60.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\68ebcd5c-012b-4b7d-8e8d-59e073439991.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\837ee30e-ff6a-47ba-81b1-f4f6bf03f5e8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8ffd8a24-ca70-4ba5-9f2e-fba01234ccb2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\e4b60841-fe52-4f7b-9ca1-c2939a151854.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D3B9DD-1F0C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D3B9E5-1B30.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D3B9ED-26B4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D3B9FA-2200.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3a41e786-858c-47f9-8359-47dc9e219b3c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\814af4ac-9d25-4e47-9863-6c3da79efb33.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8351d626-f439-4b67-8502-27361ed22416.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8c190208-c49d-4f0a-9fd0-461b5e3473c1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome\AssistanceHomeSQLite
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityComp
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1ea9378d-1cdb-4afa-ae1a-3ed69299f285.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2e4572e2-2368-4afd-8a46-4095d1682d71.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3c220696-9c77-41e9-8614-91bced6916ed.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3d997851-5f4e-4c2c-a4b6-88fbb6478d60.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\40d68cff-b04e-4ac4-b59e-005288c2643f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4f7d213b-ca7a-4c40-afc0-7d46a9c34f03.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9e16c2bf-a646-46ad-852f-1b2507e34a37.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF33356.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF43de0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF30c07.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF31b59.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF33356.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF38bc6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF418a5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF36c96.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\215e5c89-fbea-43df-a1df-69114cc1b932.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF44717.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF31b59.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\cc849e75-10a8-4ea1-8c2c-47576612edfb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d911a429-a563-46b7-9ccc-d69d0e0c375b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ea39aa7b-7b8e-4277-9a7d-78bc1ae48e16.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 87, cookie 0x66, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e5dd3daf-fae8-4c8f-88a2-bc30fde81d35.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f3716715-cca5-43d0-9b09-9642c5a8d184.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f3f91a12-b0e0-42ba-9385-d5839c73a6c9.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30754.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30764.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF326d2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32701.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF32721.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3468f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3469f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37a23.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37a32.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41857.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41d87.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF444a6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF47a4d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF52f06.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF55e06.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-0
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c641bd9e-c56d-49d6-8e5e-92813a258559.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d080744a-2314-42ff-b68a-76c7d82a73d6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d79eff26-56e7-4c59-85bb-4f3a433f94a2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dc4935e0-a2be-42a6-9e38-bf96ded92054.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e8b6f666-11f1-49f9-bd25-4009514e2024.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ec2f577b-f0fe-428d-b2d0-d38e0793c71f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f0d89526-6a3a-435f-9358-0c2406640fa3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Temp\744931f4-93c9-45be-a95c-a7d654cd7add.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\8f0ffd80-caae-46e8-89bf-5622c36289f0.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\a3425ad5-3289-484d-a875-bdcb19dc1d20.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a9247b1a-7afd-4674-a96e-9a0638cdc416.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2056053137\744931f4-93c9-45be-a95c-a7d654cd7add.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2056053137\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2056053137\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2056053137\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2056053137\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\8f0ffd80-caae-46e8-89bf-5622c36289f0.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4369)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7948_2069013887\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4369)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1FKQ9HLY1C2ENJ3JHINX.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\875a60a09683c344.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MUTXFGSFJET8BXEAMLWP.temp
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms (copy)
data
dropped
C:\Windows\Tasks\explorti.job
data
dropped
There are 592 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
malicious
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
 malicious
C:\Users\user\AppData\Roaming\1000051000\86cd2764f3.exe
"C:\Users\user\AppData\Roaming\1000051000\86cd2764f3.exe"
malicious
C:\Users\user\AppData\Roaming\1000052000\ada2950f18.exe
"C:\Users\user\AppData\Roaming\1000052000\ada2950f18.exe"
malicious
C:\Users\user\AppData\Local\Temp\1000053001\9963a8aba7.exe
"C:\Users\user\AppData\Local\Temp\1000053001\9963a8aba7.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=2016,i,16176918105418221585,11467192420078464089,262144 --disable-features=TranslateUI /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=2020,i,14198895408306512889,17473706492312331998,262144 --disable-features=TranslateUI /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7820 --field-trial-handle=2020,i,14198895408306512889,17473706492312331998,262144 --disable-features=TranslateUI /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7756 --field-trial-handle=2020,i,14198895408306512889,17473706492312331998,262144 --disable-features=TranslateUI /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=2020,i,14198895408306512889,17473706492312331998,262144 --disable-features=TranslateUI /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=2020,i,14198895408306512889,17473706492312331998,262144 --disable-features=TranslateUI /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2060,i,129414383190200186,15968565095771846432,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4436 --field-trial-handle=2060,i,129414383190200186,15968565095771846432,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=2060,i,129414383190200186,15968565095771846432,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=2060,i,129414383190200186,15968565095771846432,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2104,i,2662021225016214237,15127601978370179281,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2068,i,13529609438476124602,4873144029971825180,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2124,i,3282595102075103265,12610826402939548734,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=8132 --field-trial-handle=2020,i,14198895408306512889,17473706492312331998,262144 --disable-features=TranslateUI /prefetch:8
malicious
There are 16 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.100/
185.215.113.100
 malicious
http://185.215.113.19/Vi9leo/index.php
185.215.113.19
 malicious
http://185.215.113.100/e2b1563c6670f193.php
185.215.113.100
 malicious
http://185.215.113.100/e2b1563c6670f193.phpO
unknown
 malicious
http://185.215.113.100
unknown
 malicious
http://185.215.113.100/F
unknown
 malicious
http://185.215.113.100/ws
unknown
 malicious
http://185.215.113.100/T
unknown
 malicious
http://185.215.113.100/e2b1563c6670f193.phpC
unknown
 malicious
http://185.215.113.100/e2b1563c6670f193.php)
unknown
 malicious
http://185.215.113.100/e2b1563c6670f193.php/
unknown
 malicious
http://185.215.113.19/
unknown
 malicious
http://185.215.113.100/e2b1563c6670f193.phpNA
unknown
 malicious
http://185.215.113.100/w
unknown
 malicious
http://185.215.113.100%D
unknown
 malicious
http://185.215.113.100/e2b1563c6670f193.phpML
unknown
 malicious
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
https://msn.com
unknown
http://185.215.113.16/steam/random.exe:aB
unknown
http://185.215.113.16/well/random.exel
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.19/Vi9leo/index.phpJ
unknown
http://185.215.113.19/Vi9leo/index.phptch
unknown
https://docs.google.com/
unknown
http://185.215.113.19/fae1daa8e9eb0eefeb8846d934f48b15eaa495c49#2
unknown
http://185.215.113.19/Vi9leo/index.phpq
unknown
http://185.215.113.19/d5f9dd0246b5cb4f6522427fae1daa8e9eb0eefeb8846d934f48b15eaa495c49##o
unknown
http://185.215.113.19/Local
unknown
https://drive-staging.corp.google.com/
unknown
https://drive.google.com/
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.19/Vi9leo/index.phpd
unknown
http://185.215.113.19/Vi9leo/index.phpc
unknown
https://myaccount.google.com/signinoptions/passwordC:
unknown
https://www.office.com/
unknown
https://chrome.cloudflare-dns.com
unknown
http://185.215.113.16/well/random.exe
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://drive-daily-2.corp.google.com/
unknown
https://drive-autopush.corp.google.com/
unknown
https://drive-daily-4.corp.google.com/
unknown
http://185.215.113.16/steam/random.exe
185.215.113.16
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://www.office.com/Office
unknown
http://185.215.113.19/Vi9leo/index.phpcd
unknown
https://drive-daily-1.corp.google.com/
unknown
http://185.215.113.19/D
unknown
https://drive-daily-5.corp.google.com/
unknown
https://www.google.com/favicon.ico
142.251.40.196
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://chrome.cloudflare-dns.com/dns-query
162.159.61.3
https://www.google.com/chrome
unknown
https://drive-daily-6.corp.google.com/
unknown
https://drive-daily-0.corp.google.com/
unknown
http://185.215.113.19/Vi9leo/index.php53001
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
http://185.215.113.19/Vi9leo/index.phpls
unknown
https://clients2.googleusercontent.com
unknown
http://185.215.113.19/Vi9leo/index.php#
unknown
http://185.215.113.19/Vi9leo/index.php&
unknown
https://chrome.google.com/webstore/
unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx
142.250.185.129
https://drive-daily-3.corp.google.com/
unknown
There are 55 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
s-part-0045.t-0009.t-msedge.net
13.107.246.73
googlehosted.l.googleusercontent.com
142.250.185.129
sni1gl.wpc.nucdn.net
152.199.21.175
s-part-0029.t-0009.t-msedge.net
13.107.246.57
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.100
unknown
Portugal
malicious
192.168.2.4
unknown
unknown
malicious
185.215.113.19
unknown
Portugal
malicious
142.250.185.129
googlehosted.l.googleusercontent.com
United States
13.107.246.40
unknown
United States
142.250.80.110
unknown
United States
152.195.19.97
unknown
United States
162.159.61.3
unknown
United States
142.251.41.14
unknown
United States
142.251.40.196
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
23.43.85.136
unknown
United States
13.107.246.73
s-part-0045.t-0009.t-msedge.net
United States
142.250.65.174
unknown
United States
13.107.246.57
s-part-0029.t-0009.t-msedge.net
United States
185.215.113.16
unknown
Portugal
239.255.255.250
unknown
Reserved
There are 7 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MicrosoftEdgeAutoLaunch_5736606B9E4AF5D84DA5A728AAAD52EB
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
metricsid
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
metricsid_installdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
metricsid_enableddate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PrefsLightweight
lw_a5d6a53e96afdef13bf25bb88d9341c7
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Enabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
ProfileErrorState
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles
EnhancedLinkOpeningDefault
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PrefsLightweight
lw_13bbe73648289fe96dfa1aa1bf23b3da
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
ShortcutName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
There are 100 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
50F0000
direct allocation
page read and write
 malicious
901000
unkown
page execute and read and write
 malicious
50F0000
direct allocation
page read and write
 malicious
101000
unkown
page execute and read and write
 malicious
113E000
heap
page read and write
 malicious
161E000
heap
page read and write
 malicious
49B0000
direct allocation
page read and write
 malicious
901000
unkown
page execute and read and write
 malicious
53E0000
direct allocation
page execute and read and write
50E0000
direct allocation
page read and write
4C51000
heap
page read and write
2E6F000
stack
page read and write
DC4000
heap
page read and write
30DF000
stack
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
6300000
heap
page read and write
1214000
heap
page read and write
4C51000
heap
page read and write
4C51000
heap
page read and write
C1C000
unkown
page execute and write copy
4DF1000
heap
page read and write
30EF000
stack
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
4BD0000
direct allocation
page execute and read and write
4511000
heap
page read and write
2750000
direct allocation
page read and write
41AE000
stack
page read and write
4B41000
heap
page read and write
2FFF000
stack
page read and write
5230000
trusted library allocation
page read and write
2F30000
direct allocation
page read and write
4511000
heap
page read and write
3ADF000
stack
page read and write
656B000
stack
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
DF0000
direct allocation
page read and write
4A2F000
stack
page read and write
AAA000
unkown
page execute and read and write
969000
unkown
page write copy
4511000
heap
page read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
1590000
heap
page read and write
141F000
heap
page read and write
384F000
stack
page read and write
1384000
heap
page read and write
4B41000
heap
page read and write
4511000
heap
page read and write
32A000
stack
page read and write
50E0000
direct allocation
page read and write
4B41000
heap
page read and write
4B41000
heap
page read and write
4511000
heap
page read and write
6434000
heap
page read and write
2750000
direct allocation
page read and write
B8E000
heap
page read and write
B73000
heap
page read and write
4511000
heap
page read and write
A60000
heap
page read and write
4B70000
direct allocation
page execute and read and write
DC4000
heap
page read and write
2740000
heap
page read and write
3B1E000
stack
page read and write
CDE000
stack
page read and write
3AFF000
stack
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
2750000
direct allocation
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
386F000
stack
page read and write
DC4000
heap
page read and write
390000
heap
page read and write
464E000
stack
page read and write
4511000
heap
page read and write
2750000
direct allocation
page read and write
4DF1000
heap
page read and write
2F30000
direct allocation
page read and write
370F000
stack
page read and write
3B2F000
stack
page read and write
4C51000
heap
page read and write
1D30F000
stack
page read and write
12E2000
unkown
page execute and write copy
C52000
heap
page read and write
148E000
stack
page read and write
4C50000
heap
page read and write
1384000
heap
page read and write
375E000
stack
page read and write
B9D000
heap
page read and write
1CE0E000
stack
page read and write
50E0000
direct allocation
page read and write
DC4000
heap
page read and write
31E0000
heap
page read and write
4C51000
heap
page read and write
2F30000
direct allocation
page read and write
DC4000
heap
page read and write
DF0000
direct allocation
page read and write
1370000
heap
page read and write
4C51000
heap
page read and write
18C0000
heap
page read and write
4B30000
direct allocation
page execute and read and write
360E000
stack
page read and write
1D04F000
stack
page read and write
4C51000
heap
page read and write
2F4B000
heap
page read and write
402E000
stack
page read and write
4511000
heap
page read and write
48BF000
stack
page read and write
1570000
heap
page read and write
C1B000
unkown
page execute and read and write
DC4000
heap
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
53D0000
direct allocation
page execute and read and write
4C51000
heap
page read and write
348F000
stack
page read and write
33AE000
stack
page read and write
4DF1000
heap
page read and write
11AC000
heap
page read and write
13E5000
stack
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
115D000
stack
page read and write
969000
unkown
page read and write
604E000
stack
page read and write
9EF000
stack
page read and write
B5B000
heap
page read and write
2750000
direct allocation
page read and write
371F000
stack
page read and write
4511000
heap
page read and write
DF0000
direct allocation
page read and write
4C51000
heap
page read and write
3FEF000
stack
page read and write
1D2DF000
stack
page read and write
3EEF000
stack
page read and write
4C51000
heap
page read and write
3E9F000
stack
page read and write
3CAE000
stack
page read and write
26FE000
stack
page read and write
37AE000
stack
page read and write
5300000
direct allocation
page execute and read and write
4C60000
heap
page read and write
52B0000
direct allocation
page execute and read and write
4511000
heap
page read and write
3B3E000
stack
page read and write
1384000
heap
page read and write
417D000
stack
page read and write
1214000
heap
page read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
33EE000
stack
page read and write
4B41000
heap
page read and write
ADE000
heap
page read and write
4B41000
heap
page read and write
2F30000
direct allocation
page read and write
1214000
heap
page read and write
5270000
direct allocation
page execute and read and write
3DAE000
stack
page read and write
413F000
stack
page read and write
304F000
stack
page read and write
3C7E000
stack
page read and write
4511000
heap
page read and write
321F000
stack
page read and write
DC4000
heap
page read and write
49A0000
direct allocation
page read and write
53D0000
direct allocation
page execute and read and write
362E000
stack
page read and write
3D9E000
stack
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
4B41000
heap
page read and write
E1E000
stack
page read and write
1386000
heap
page read and write
1384000
heap
page read and write
52E0000
direct allocation
page execute and read and write
DC1000
unkown
page execute and write copy
3B2D000
stack
page read and write
DC4000
heap
page read and write
47EE000
stack
page read and write
66AE000
stack
page read and write
A80000
heap
page read and write
C1C000
unkown
page execute and write copy
4B5E000
stack
page read and write
52D0000
direct allocation
page execute and read and write
C60000
unkown
page read and write
4DF1000
heap
page read and write
C60000
unkown
page readonly
DC4000
heap
page read and write
1520000
heap
page read and write
4511000
heap
page read and write
5280000
direct allocation
page execute and read and write
4C51000
heap
page read and write
3C4E000
stack
page read and write
34AF000
stack
page read and write
4DF1000
heap
page read and write
4DF1000
heap
page read and write
452F000
stack
page read and write
4610000
trusted library allocation
page read and write
C61000
unkown
page execute and write copy
DF0000
direct allocation
page read and write
4B41000
heap
page read and write
4B41000
heap
page read and write
1214000
heap
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
1510000
direct allocation
page read and write
DBF000
unkown
page execute and read and write
1D0CE000
stack
page read and write
460F000
stack
page read and write
134E000
stack
page read and write
4B60000
direct allocation
page execute and read and write
467E000
stack
page read and write
4B41000
heap
page read and write
DC4000
heap
page read and write
62F0000
heap
page read and write
403E000
stack
page read and write
1D70E000
stack
page read and write
C28000
heap
page read and write
4511000
heap
page read and write
52AE000
stack
page read and write
4B41000
heap
page read and write
5270000
direct allocation
page execute and read and write
2750000
direct allocation
page read and write
52A0000
direct allocation
page execute and read and write
1D6D3000
heap
page read and write
9CE000
stack
page read and write
D80000
heap
page read and write
453E000
stack
page read and write
416E000
stack
page read and write
DC4000
heap
page read and write
39BF000
stack
page read and write
DF0000
direct allocation
page read and write
463F000
stack
page read and write
426F000
stack
page read and write
4B30000
direct allocation
page execute and read and write
49FF000
stack
page read and write
D70000
heap
page read and write
4B41000
heap
page read and write
4B3F000
stack
page read and write
4C51000
heap
page read and write
C04000
unkown
page execute and read and write
2750000
direct allocation
page read and write
DC4000
heap
page read and write
190E000
stack
page read and write
4DF1000
heap
page read and write
42AE000
stack
page read and write
4C51000
heap
page read and write
4C51000
heap
page read and write
112D000
unkown
page execute and read and write
1D80E000
stack
page read and write
4B41000
heap
page read and write
5250000
direct allocation
page execute and read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
4B41000
heap
page read and write
4DF1000
heap
page read and write
646B000
heap
page read and write
4DF1000
heap
page read and write
1D48E000
stack
page read and write
4B41000
heap
page read and write
1384000
heap
page read and write
1384000
heap
page read and write
13D9000
heap
page read and write
2FB0000
direct allocation
page read and write
47BE000
stack
page read and write
4C51000
heap
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
4B41000
heap
page read and write
DC4000
heap
page read and write
4C51000
heap
page read and write
4B41000
heap
page read and write
DC4000
heap
page read and write
4B10000
direct allocation
page execute and read and write
4DF1000
heap
page read and write
4F80000
trusted library allocation
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
5270000
direct allocation
page execute and read and write
3D4F000
stack
page read and write
C20000
heap
page read and write
4511000
heap
page read and write
4DF2000
heap
page read and write
4520000
heap
page read and write
2AAF000
stack
page read and write
4DF1000
heap
page read and write
4E00000
heap
page read and write
326E000
stack
page read and write
3EBF000
stack
page read and write
376E000
stack
page read and write
3EFE000
stack
page read and write
13EE000
stack
page read and write
1214000
heap
page read and write
1384000
heap
page read and write
376F000
stack
page read and write
DC4000
heap
page read and write
601000
unkown
page execute and read and write
5110000
direct allocation
page execute and read and write
4D40000
heap
page read and write
1382000
heap
page read and write
1214000
heap
page read and write
4C51000
heap
page read and write
B4F000
heap
page read and write
33BE000
stack
page read and write
4511000
heap
page read and write
29AE000
stack
page read and write
C0B000
unkown
page execute and read and write
BB4000
unkown
page readonly
2F30000
direct allocation
page read and write
DC0000
heap
page read and write
52B0000
direct allocation
page execute and read and write
349F000
stack
page read and write
4DF1000
heap
page read and write
2DF7000
heap
page read and write
1214000
heap
page read and write
2FB0000
direct allocation
page read and write
162000
unkown
page execute and read and write
DC4000
heap
page read and write
4511000
heap
page read and write
B91000
heap
page read and write
53AF000
stack
page read and write
4C51000
heap
page read and write
4B30000
direct allocation
page execute and read and write
4511000
heap
page read and write
1510000
direct allocation
page read and write
15F0000
direct allocation
page read and write
BA4000
heap
page read and write
147E000
stack
page read and write
1214000
heap
page read and write
4DF1000
heap
page read and write
5D3E000
stack
page read and write
4C51000
heap
page read and write
2F4D000
heap
page read and write
3E8F000
stack
page read and write
4B41000
heap
page read and write
4511000
heap
page read and write
1D44F000
stack
page read and write
1D6D0000
heap
page read and write
49A0000
direct allocation
page read and write
4C51000
heap
page read and write
541B000
stack
page read and write
373F000
stack
page read and write
5290000
direct allocation
page execute and read and write
1214000
heap
page read and write
4B40000
direct allocation
page execute and read and write
336F000
stack
page read and write
4511000
heap
page read and write
2FB0000
direct allocation
page read and write
400E000
stack
page read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
48DE000
stack
page read and write
1214000
heap
page read and write
362F000
stack
page read and write
387F000
stack
page read and write
1D1CF000
stack
page read and write
52C0000
direct allocation
page execute and read and write
BB4000
unkown
page readonly
4511000
heap
page read and write
4510000
heap
page read and write
5C1000
unkown
page execute and write copy
438E000
stack
page read and write
4511000
heap
page read and write
4A0E000
stack
page read and write
4C5F000
stack
page read and write
92C000
stack
page read and write
43EE000
stack
page read and write
4AEF000
stack
page read and write
4A11000
direct allocation
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
628F000
stack
page read and write
4DF1000
heap
page read and write
962000
unkown
page execute and read and write
1510000
direct allocation
page read and write
3D8E000
stack
page read and write
2767000
heap
page read and write
1214000
heap
page read and write
2FB0000
direct allocation
page read and write
377E000
stack
page read and write
AE1000
unkown
page execute read
4DF1000
heap
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
312E000
stack
page read and write
2FB0000
direct allocation
page read and write
512E000
stack
page read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
901000
unkown
page execute and write copy
BA6000
heap
page read and write
11F0000
heap
page read and write
4DEF000
stack
page read and write
5250000
direct allocation
page execute and read and write
361E000
stack
page read and write
34EF000
stack
page read and write
4B00000
direct allocation
page execute and read and write
512C000
stack
page read and write
119F000
heap
page read and write
4511000
heap
page read and write
3FCF000
stack
page read and write
BB0000
unkown
page write copy
1510000
direct allocation
page read and write
4511000
heap
page read and write
4B41000
heap
page read and write
1214000
heap
page read and write
DC4000
heap
page read and write
DE0000
heap
page read and write
1130000
heap
page read and write
133E000
stack
page read and write
4511000
heap
page read and write
3D5F000
stack
page read and write
1214000
heap
page read and write
1214000
heap
page read and write
161A000
heap
page read and write
DC4000
heap
page read and write
1D6CC000
stack
page read and write
2F30000
direct allocation
page read and write
1D18E000
stack
page read and write
DBF000
unkown
page execute and read and write
34BF000
stack
page read and write
96B000
unkown
page execute and read and write
2FB0000
direct allocation
page read and write
5130000
direct allocation
page execute and read and write
35DF000
stack
page read and write
DC4000
heap
page read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
3FFF000
stack
page read and write
DC1000
unkown
page execute and write copy
488F000
stack
page read and write
466F000
stack
page read and write
1D5CE000
stack
page read and write
1214000
heap
page read and write
56DE000
stack
page read and write
10F5000
stack
page read and write
1384000
heap
page read and write
352E000
stack
page read and write
62F1000
heap
page read and write
4B41000
heap
page read and write
159B000
heap
page read and write
4DF1000
heap
page read and write
2FD7000
heap
page read and write
4D44000
heap
page read and write
366E000
stack
page read and write
901000
unkown
page execute and write copy
4511000
heap
page read and write
ACD000
unkown
page execute and read and write
4511000
heap
page read and write
5310000
direct allocation
page execute and read and write
4511000
heap
page read and write
4C51000
heap
page read and write
102E000
unkown
page execute and read and write
4511000
heap
page read and write
1214000
heap
page read and write
DC4000
heap
page read and write
38AE000
stack
page read and write
6430000
heap
page read and write
4DF1000
heap
page read and write
D1C000
stack
page read and write
169000
unkown
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
CF3000
unkown
page execute and read and write
4511000
heap
page read and write
49A0000
direct allocation
page read and write
4B41000
heap
page read and write
4511000
heap
page read and write
1110000
direct allocation
page read and write
113A000
heap
page read and write
130E000
stack
page read and write
1214000
heap
page read and write
1214000
heap
page read and write
44F0000
heap
page read and write
5240000
direct allocation
page execute and read and write
4DF1000
heap
page read and write
618E000
stack
page read and write
1D08D000
stack
page read and write
4511000
heap
page read and write
B16000
heap
page read and write
157F000
stack
page read and write
2F30000
direct allocation
page read and write
41C000
unkown
page execute and write copy
1D5CD000
stack
page read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
4B41000
heap
page read and write
1510000
direct allocation
page read and write
4511000
heap
page read and write
50FF000
stack
page read and write
2FB0000
direct allocation
page read and write
4B41000
heap
page read and write
DC4000
heap
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
4C51000
heap
page read and write
324F000
stack
page read and write
4B41000
heap
page read and write
600F000
stack
page read and write
B2F000
heap
page read and write
3FDF000
stack
page read and write
11C0000
heap
page read and write
4511000
heap
page read and write
B55000
heap
page read and write
180F000
stack
page read and write
1214000
heap
page read and write
BB5000
heap
page read and write
401E000
stack
page read and write
740C000
stack
page read and write
A70000
heap
page read and write
4C51000
heap
page read and write
44FF000
stack
page read and write
4C51000
heap
page read and write
BA2000
unkown
page readonly
1214000
heap
page read and write
1214000
heap
page read and write
4511000
heap
page read and write
2750000
direct allocation
page read and write
4511000
heap
page read and write
4B0F000
stack
page read and write
4511000
heap
page read and write
B22000
heap
page read and write
335F000
stack
page read and write
4511000
heap
page read and write
412F000
stack
page read and write
4DF1000
heap
page read and write
411F000
stack
page read and write
4C51000
heap
page read and write
5270000
direct allocation
page execute and read and write
840000
unkown
page execute and read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
52D0000
direct allocation
page execute and read and write
4B41000
heap
page read and write
273E000
stack
page read and write
C04000
unkown
page execute and read and write
4DF1000
heap
page read and write
4A3E000
stack
page read and write
4C51000
heap
page read and write
50E0000
direct allocation
page read and write
4511000
heap
page read and write
1214000
heap
page read and write
3DEE000
stack
page read and write
38EE000
stack
page read and write
4511000
heap
page read and write
980000
heap
page read and write
1D46D000
stack
page read and write
33AF000
stack
page read and write
B8F000
heap
page read and write
1510000
direct allocation
page read and write
3EAF000
stack
page read and write
427F000
stack
page read and write
4BAE000
stack
page read and write
474F000
stack
page read and write
1214000
heap
page read and write
101000
unkown
page execute and write copy
4C61000
heap
page read and write
4C51000
heap
page read and write
4A1E000
stack
page read and write
5E00000
heap
page read and write
4FFC000
stack
page read and write
2EAB000
stack
page read and write
BA5000
heap
page read and write
4511000
heap
page read and write
1679000
heap
page read and write
B06000
heap
page read and write
BA5000
heap
page read and write
16B000
unkown
page execute and read and write
3A0000
heap
page read and write
9FE000
stack
page read and write
4C4F000
stack
page read and write
B73000
heap
page read and write
5270000
direct allocation
page execute and read and write
5E06000
heap
page read and write
4C51000
heap
page read and write
2F30000
direct allocation
page read and write
5280000
direct allocation
page execute and read and write
4511000
heap
page read and write
156B000
stack
page read and write
4511000
heap
page read and write
4B40000
heap
page read and write
39EF000
stack
page read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
53C0000
direct allocation
page execute and read and write
1214000
heap
page read and write
B73000
heap
page read and write
4DF1000
heap
page read and write
AD0000
heap
page read and write
1185000
heap
page read and write
3AEF000
stack
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
1214000
heap
page read and write
B8E000
heap
page read and write
1214000
heap
page read and write
42AF000
stack
page read and write
4C51000
heap
page read and write
1D42D000
stack
page read and write
4D60000
trusted library allocation
page read and write
B31000
heap
page read and write
4511000
heap
page read and write
43BF000
stack
page read and write
1384000
heap
page read and write
43AF000
stack
page read and write
4DF1000
heap
page read and write
461F000
stack
page read and write
4511000
heap
page read and write
4B41000
heap
page read and write
5270000
direct allocation
page execute and read and write
404000
unkown
page execute and read and write
2D9B000
stack
page read and write
2F30000
direct allocation
page read and write
48CE000
stack
page read and write
3ACF000
stack
page read and write
5300000
direct allocation
page execute and read and write
4511000
heap
page read and write
4511000
heap
page read and write
4B30000
direct allocation
page execute and read and write
4511000
heap
page read and write
416F000
stack
page read and write
4A6E000
stack
page read and write
4511000
heap
page read and write
2F30000
direct allocation
page read and write
EA0000
unkown
page execute and read and write
7FA000
stack
page read and write
4511000
heap
page read and write
4B41000
heap
page read and write
35FF000
stack
page read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
42BE000
stack
page read and write
4DF1000
heap
page read and write
1510000
direct allocation
page read and write
2EEE000
stack
page read and write
4B41000
heap
page read and write
4B41000
heap
page read and write
DC4000
heap
page read and write
4511000
heap
page read and write
1384000
heap
page read and write
325E000
stack
page read and write
3C3F000
stack
page read and write
5090000
heap
page read and write
374E000
stack
page read and write
4C61000
heap
page read and write
4CAF000
stack
page read and write
1510000
direct allocation
page read and write
DC4000
heap
page read and write
41B000
unkown
page execute and write copy
337F000
stack
page read and write
105C000
stack
page read and write
388E000
stack
page read and write
456E000
stack
page read and write
4B41000
heap
page read and write
1214000
heap
page read and write
B7C000
unkown
page readonly
DF0000
direct allocation
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
2750000
direct allocation
page read and write
2D2F000
stack
page read and write
4C55000
heap
page read and write
4C51000
heap
page read and write
1214000
heap
page read and write
4511000
heap
page read and write
C55000
heap
page read and write
2FD0000
heap
page read and write
4B41000
heap
page read and write
11BC000
heap
page read and write
962000
unkown
page execute and read and write
2FB0000
direct allocation
page read and write
2750000
direct allocation
page read and write
4DF1000
heap
page read and write
DF0000
direct allocation
page read and write
1510000
direct allocation
page read and write
3C2F000
stack
page read and write
4C51000
heap
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
C61000
unkown
page execute and read and write
4511000
heap
page read and write
451E000
stack
page read and write
50E0000
direct allocation
page read and write
43CE000
stack
page read and write
4C51000
heap
page read and write
4B41000
heap
page read and write
666C000
stack
page read and write
489F000
stack
page read and write
4B90000
direct allocation
page execute and read and write
E8C000
unkown
page execute and read and write
41B000
unkown
page execute and read and write
DC4000
heap
page read and write
1136000
unkown
page execute and read and write
4DF1000
heap
page read and write
4DF0000
heap
page read and write
4511000
heap
page read and write
B97000
heap
page read and write
900000
unkown
page read and write
43EF000
stack
page read and write
1144000
unkown
page execute and write copy
4511000
heap
page read and write
48FE000
stack
page read and write
35EF000
stack
page read and write
442E000
stack
page read and write
1181000
heap
page read and write
151A000
heap
page read and write
5A9E000
stack
page read and write
4B41000
heap
page read and write
1510000
direct allocation
page read and write
4B80000
direct allocation
page execute and read and write
1214000
heap
page read and write
372F000
stack
page read and write
3F0000
heap
page read and write
4B41000
heap
page read and write
1214000
heap
page read and write
4DF1000
heap
page read and write
50E0000
direct allocation
page read and write
4511000
heap
page read and write
415E000
stack
page read and write
1510000
direct allocation
page read and write
5270000
direct allocation
page execute and read and write
4B41000
heap
page read and write
4C51000
heap
page read and write
3C6F000
stack
page read and write
4511000
heap
page read and write
6300000
heap
page read and write
338E000
stack
page read and write
BAC000
unkown
page write copy
C53000
heap
page read and write
2F0000
unkown
page execute and read and write
BD8000
unkown
page execute and read and write
1358000
heap
page read and write
414E000
stack
page read and write
53F0000
direct allocation
page execute and read and write
4B41000
heap
page read and write
4C51000
heap
page read and write
DC4000
heap
page read and write
31E4000
heap
page read and write
363E000
stack
page read and write
DF0000
direct allocation
page read and write
4B41000
heap
page read and write
5ADD000
stack
page read and write
4D50000
trusted library allocation
page read and write
4511000
heap
page read and write
1143000
unkown
page execute and read and write
11B3000
heap
page read and write
479E000
stack
page read and write
5151000
direct allocation
page read and write
2FB0000
direct allocation
page read and write
132E000
stack
page read and write
32AF000
stack
page read and write
52E0000
direct allocation
page execute and read and write
4C61000
heap
page read and write
2D5E000
stack
page read and write
1143000
unkown
page execute and write copy
4B41000
heap
page read and write
110A000
unkown
page execute and read and write
4511000
heap
page read and write
1214000
heap
page read and write
12E1000
unkown
page execute and read and write
4511000
heap
page read and write
9BF000
stack
page read and write
2750000
direct allocation
page read and write
4511000
heap
page read and write
601000
unkown
page execute and write copy
900000
unkown
page readonly
5100000
heap
page read and write
141B000
heap
page read and write
1214000
heap
page read and write
398F000
stack
page read and write
2760000
heap
page read and write
4DF1000
heap
page read and write
730B000
stack
page read and write
4B30000
direct allocation
page execute and read and write
5FE0000
heap
page read and write
4DF1000
heap
page read and write
7050000
heap
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
1CF0F000
stack
page read and write
142C000
heap
page read and write
450E000
stack
page read and write
115D000
stack
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
2FB0000
direct allocation
page read and write
1697000
heap
page read and write
969000
unkown
page write copy
969000
unkown
page read and write
169000
unkown
page write copy
1340000
heap
page read and write
5270000
direct allocation
page read and write
3C5E000
stack
page read and write
4DF1000
heap
page read and write
5C3D000
stack
page read and write
DDE000
stack
page read and write
4511000
heap
page read and write
DF0000
direct allocation
page read and write
3EDE000
stack
page read and write
3B0E000
stack
page read and write
4B6F000
stack
page read and write
389E000
stack
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
52A0000
direct allocation
page execute and read and write
BB9000
heap
page read and write
4C51000
heap
page read and write
2F40000
heap
page read and write
4CEE000
stack
page read and write
52C0000
direct allocation
page execute and read and write
4C51000
heap
page read and write
5BF000
unkown
page execute and read and write
2AEE000
stack
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
1214000
heap
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
2D6E000
stack
page read and write
4B1F000
stack
page read and write
11BE000
heap
page read and write
4521000
heap
page read and write
39CE000
stack
page read and write
286F000
stack
page read and write
31AF000
stack
page read and write
C1B000
unkown
page execute and write copy
BD8000
unkown
page execute and read and write
406E000
stack
page read and write
1D80E000
stack
page read and write
1214000
heap
page read and write
1350000
heap
page read and write
900000
unkown
page read and write
151E000
heap
page read and write
B4C000
heap
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
1510000
direct allocation
page read and write
2DF0000
heap
page read and write
2FB0000
direct allocation
page read and write
399F000
stack
page read and write
5120000
direct allocation
page execute and read and write
4B41000
heap
page read and write
BB9000
heap
page read and write
3180000
heap
page read and write
3B6E000
stack
page read and write
296F000
stack
page read and write
599D000
stack
page read and write
AE1000
unkown
page execute read
44DF000
stack
page read and write
1214000
heap
page read and write
3D7F000
stack
page read and write
1120000
direct allocation
page execute and read and write
9FF000
stack
page read and write
4DF1000
heap
page read and write
9CE000
unkown
page execute and read and write
4B4E000
stack
page read and write
429E000
stack
page read and write
5110000
direct allocation
page execute and read and write
4C51000
heap
page read and write
4511000
heap
page read and write
1525000
heap
page read and write
4B41000
heap
page read and write
334F000
stack
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
4DF1000
heap
page read and write
C82000
unkown
page execute and write copy
C81000
unkown
page execute and read and write
6C4000
unkown
page execute and read and write
B8E000
heap
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
3C0F000
stack
page read and write
4C51000
heap
page read and write
DC4000
heap
page read and write
52F0000
direct allocation
page execute and read and write
522F000
stack
page read and write
4C51000
heap
page read and write
614F000
stack
page read and write
1214000
heap
page read and write
30FF000
stack
page read and write
62FE000
heap
page read and write
4C51000
heap
page read and write
1CF4E000
stack
page read and write
5270000
direct allocation
page execute and read and write
646D000
heap
page read and write
5270000
direct allocation
page execute and read and write
900000
unkown
page readonly
4B41000
heap
page read and write
14CE000
stack
page read and write
BB5000
heap
page read and write
4C51000
heap
page read and write
4BA0000
direct allocation
page execute and read and write
14FE000
stack
page read and write
4B41000
heap
page read and write
1510000
heap
page read and write
2C2E000
stack
page read and write
600000
unkown
page read and write
34FE000
stack
page read and write
1500000
heap
page read and write
1214000
heap
page read and write
4DF1000
heap
page read and write
150E000
stack
page read and write
4DF1000
heap
page read and write
5270000
direct allocation
page execute and read and write
2FAF000
stack
page read and write
3C6E000
stack
page read and write
4DF1000
heap
page read and write
1D6CF000
stack
page read and write
2750000
direct allocation
page read and write
52F0000
direct allocation
page execute and read and write
1610000
heap
page read and write
DC4000
heap
page read and write
100000
unkown
page read and write
1D34E000
stack
page read and write
3F2E000
stack
page read and write
DC4000
heap
page read and write
4FC0000
direct allocation
page read and write
4C51000
heap
page read and write
4C51000
heap
page read and write
492E000
stack
page read and write
100000
unkown
page readonly
B73000
heap
page read and write
428E000
stack
page read and write
478E000
stack
page read and write
43FE000
stack
page read and write
5151000
direct allocation
page read and write
DF0000
direct allocation
page read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
AD6000
unkown
page execute and read and write
311E000
stack
page read and write
B59000
heap
page read and write
4C51000
heap
page read and write
1214000
heap
page read and write
1682000
heap
page read and write
DC4000
heap
page read and write
1384000
heap
page read and write
C53000
heap
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
4B41000
heap
page read and write
4DF1000
heap
page read and write
43DE000
stack
page read and write
385F000
stack
page read and write
F1E000
stack
page read and write
2F30000
direct allocation
page read and write
4DF1000
heap
page read and write
AE4000
unkown
page execute and write copy
4B41000
heap
page read and write
2FB0000
direct allocation
page read and write
1110000
direct allocation
page read and write
82C000
unkown
page execute and read and write
4511000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
39AF000
stack
page read and write
CFF000
unkown
page execute and read and write
DC4000
heap
page read and write
4B20000
direct allocation
page execute and read and write
DC4000
heap
page read and write
4511000
heap
page read and write
2BEF000
stack
page read and write
1214000
heap
page read and write
6850000
trusted library allocation
page read and write
C0B000
unkown
page execute and read and write
4DF1000
heap
page read and write
4511000
heap
page read and write
47AF000
stack
page read and write
AF0000
unkown
page execute and read and write
1384000
heap
page read and write
6438000
heap
page read and write
15F0000
direct allocation
page read and write
ADA000
heap
page read and write
594F000
stack
page read and write
4B41000
heap
page read and write
9DB000
stack
page read and write
1214000
heap
page read and write
4B50000
heap
page read and write
322F000
stack
page read and write
425F000
stack
page read and write
154F000
stack
page read and write
1384000
heap
page read and write
1214000
heap
page read and write
4C51000
heap
page read and write
4DF1000
heap
page read and write
57DF000
stack
page read and write
1214000
heap
page read and write
313E000
stack
page read and write
DF0000
direct allocation
page read and write
DC4000
heap
page read and write
105C000
stack
page read and write
4B41000
heap
page read and write
BA2000
unkown
page readonly
4B41000
heap
page read and write
AE0000
unkown
page readonly
4511000
heap
page read and write
4DF1000
heap
page read and write
38BE000
stack
page read and write
2EFF000
stack
page read and write
DF0000
direct allocation
page read and write
BA5000
heap
page read and write
4511000
heap
page read and write
4C51000
heap
page read and write
2F30000
direct allocation
page read and write
465E000
stack
page read and write
1380000
heap
page read and write
4511000
heap
page read and write
1597000
heap
page read and write
B50000
heap
page read and write
5270000
direct allocation
page execute and read and write
4511000
heap
page read and write
4511000
heap
page read and write
48EF000
stack
page read and write
49DF000
stack
page read and write
143F000
stack
page read and write
1214000
heap
page read and write
C3E000
stack
page read and write
693000
unkown
page execute and read and write
4511000
heap
page read and write
B98000
heap
page read and write
2E6E000
stack
page read and write
4DF1000
heap
page read and write
39EE000
stack
page read and write
6FB000
stack
page read and write
522F000
stack
page read and write
4B41000
heap
page read and write
2F2E000
stack
page read and write
4B50000
direct allocation
page execute and read and write
11C0000
heap
page read and write
46AE000
stack
page read and write
BA4000
heap
page read and write
13B0000
heap
page read and write
1197000
heap
page read and write
4511000
heap
page read and write
314F000
stack
page read and write
4DF1000
heap
page read and write
4C51000
heap
page read and write
1D56C000
stack
page read and write
3D6F000
stack
page read and write
4DF1000
heap
page read and write
170F000
stack
page read and write
1214000
heap
page read and write
69F000
unkown
page execute and read and write
4B41000
heap
page read and write
38AF000
stack
page read and write
4BB0000
direct allocation
page execute and read and write
584E000
stack
page read and write
600000
unkown
page readonly
424F000
stack
page read and write
1388000
heap
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
475F000
stack
page read and write
4BC0000
direct allocation
page execute and read and write
DC4000
heap
page read and write
1384000
heap
page read and write
2F30000
direct allocation
page read and write
4511000
heap
page read and write
1D1DE000
stack
page read and write
402F000
stack
page read and write
4C60000
heap
page read and write
477F000
stack
page read and write
2750000
direct allocation
page read and write
2EAE000
stack
page read and write
96B000
unkown
page execute and read and write
5290000
direct allocation
page execute and read and write
2F30000
direct allocation
page read and write
4511000
heap
page read and write
1D20E000
stack
page read and write
1214000
heap
page read and write
4B41000
heap
page read and write
5240000
direct allocation
page execute and read and write
DC4000
heap
page read and write
4B41000
heap
page read and write
2FB0000
direct allocation
page read and write
3EEE000
stack
page read and write
2FEE000
stack
page read and write
AE3000
unkown
page execute and write copy
5260000
direct allocation
page execute and read and write
DC4000
heap
page read and write
1600000
direct allocation
page execute and read and write
4511000
heap
page read and write
BAC000
unkown
page read and write
39DE000
stack
page read and write
1214000
heap
page read and write
15DE000
stack
page read and write
10FE000
stack
page read and write
3D8000
unkown
page execute and read and write
4B41000
heap
page read and write
1214000
heap
page read and write
323F000
stack
page read and write
1510000
direct allocation
page read and write
4511000
heap
page read and write
1D32E000
stack
page read and write
DF0000
direct allocation
page read and write
4B41000
heap
page read and write
49CF000
stack
page read and write
4C61000
heap
page read and write
4C51000
heap
page read and write
4511000
heap
page read and write
13C7000
heap
page read and write
4511000
heap
page read and write
4511000
heap
page read and write
1D58F000
stack
page read and write
12A0000
heap
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
5DFE000
stack
page read and write
276E000
heap
page read and write
B73000
heap
page read and write
42EE000
stack
page read and write
B7C000
unkown
page readonly
DF0000
direct allocation
page read and write
44EF000
stack
page read and write
4DF1000
heap
page read and write
6431000
heap
page read and write
D24000
unkown
page execute and read and write
2FB0000
direct allocation
page read and write
2F47000
heap
page read and write
5E05000
heap
page read and write
39FE000
stack
page read and write
AF0000
unkown
page execute and read and write
410F000
stack
page read and write
3ECE000
stack
page read and write
4C51000
heap
page read and write
5BDC000
stack
page read and write
1664000
heap
page read and write
4C51000
heap
page read and write
34CE000
stack
page read and write
B31000
heap
page read and write
44CF000
stack
page read and write
4511000
heap
page read and write
4DF1000
heap
page read and write
3C1F000
stack
page read and write
327E000
stack
page read and write
2FAF000
stack
page read and write
4C70000
heap
page read and write
4B41000
heap
page read and write
3A2E000
stack
page read and write
2750000
direct allocation
page read and write
527C000
stack
page read and write
DC4000
heap
page read and write
1210000
heap
page read and write
990000
heap
page read and write
C1B000
unkown
page execute and write copy
34EE000
stack
page read and write
4B30000
direct allocation
page execute and read and write
1510000
direct allocation
page read and write
62C0000
heap
page read and write
DC4000
heap
page read and write
4C51000
heap
page read and write
4E10000
heap
page read and write
1D90F000
stack
page read and write
C1B000
unkown
page execute and read and write
1384000
heap
page read and write
1661000
heap
page read and write
DC4000
heap
page read and write
A65000
heap
page read and write
4511000
heap
page read and write
AE0000
unkown
page readonly
AE3000
unkown
page execute and read and write
5100000
direct allocation
page execute and read and write
4C51000
heap
page read and write
2DDE000
stack
page read and write
67AE000
stack
page read and write
5260000
direct allocation
page execute and read and write
439F000
stack
page read and write
3DBE000
stack
page read and write
1214000
heap
page read and write
49EE000
stack
page read and write
40B000
unkown
page execute and read and write
3DAF000
stack
page read and write
5270000
direct allocation
page execute and read and write
35CF000
stack
page read and write
BB5000
heap
page read and write
34DE000
stack
page read and write
339E000
stack
page read and write
There are 1181 hidden memdumps, click here to show them.