IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AFCFHDHI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\BAEBGHCFCAAFIECAFIII
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\BAKJKFHCAEGDHIDGDHDA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\CBAFIDAECBGCBFHJEBGDHDBKFI
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\FBGHIIJDGHCBFIECBKEGHDHDBA
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\GDAECAEC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\HIIEBAFCBKFIDGCAKKKF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\chrome.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\12b1310a-bed5-4e60-8e19-94d2d012fec4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\13d5101c-ebd1-4663-9dfe-9b183c9acaa3.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\191f1581-3551-4f98-831e-4e0326a579fa.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\26d4bcd6-2f4b-479e-b460-e5af6467e16b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5c39bf79-d9d3-47b9-9587-e6b5d463d111.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\66039270-05b5-43f9-bd40-d836c4be1d13.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\3bced8c0-e3be-4497-a73e-9627ca348498.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67220E46-1FD0.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0023bb89-1a58-4d21-8998-0bc0a88afbdd.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1330ec80-e107-465a-8ffd-9b48bac3235b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\58099cdf-48b5-4f55-be9e-bf6bcd856110.tmp
Unicode text, UTF-8 text, with very long lines (17433), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6f7588a8-4b30-47bd-816f-ddf186206d5a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\760f37a3-034d-42d2-abd5-8c20b266b777.tmp
Unicode text, UTF-8 text, with very long lines (17598), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\89d6ebfe-521e-45ad-9bc6-3f6c6271d7ae.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\918cd193-21f9-4c38-acf6-5dcb66ca0e40.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2ca82c9d-ad29-4d55-97b1-40343b24eaff.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\481ff446-66db-424e-9d26-9a31a4557937.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\58981797-5e81-478f-b9c0-268c50044e0b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6e80825a-daf4-4c20-aadd-aa240d903618.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\913bee0a-0a73-4bed-a023-3800a60495bc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4ba24.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3b0e2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ba68.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\de9b85df-da1c-4e5d-9dd1-08ea9ecef0f1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ec55.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF428e1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF450bc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4adc1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3ec84.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4242e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF423d0.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374758729595368
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\046f1c20-0c43-47a0-8b2c-ecd3ef955edd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1595a65e-15f5-4040-83ad-e9cd12e86f63.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\313accbc-50a5-4915-9ecd-3a53ccc2954e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3ba68.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ab667af1-2591-49bc-8472-f1ba657adcf1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b9e535ca-0104-41ac-91c1-a99c33445c83.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cd7b44ea-18c0-488c-9ae0-69a709a0b50d.tmp
Unicode text, UTF-8 text, with very long lines (16840), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d4588bd3-4d80-4e48-8111-07b79920da7e.tmp
Unicode text, UTF-8 text, with very long lines (17598), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fa4b8b62-8bf9-4510-94cf-ef2b7c0e59b7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39b18.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39b76.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39cdd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c3ce.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4023e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4ad92.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50910.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c429dc99-1cbc-4662-8e02-8e2ff2cefe32.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e704ff09-28c4-4519-973d-5fca45667c0f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\382f8ddd-423f-45ce-ab87-15b7fa1a0c0f.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\53918c58-9b4f-4927-a6b1-108d1056cc78.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\5c40ae8a-d814-4a96-8dc1-10df3571665f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a07e5239-0001-4370-93ff-f878b4dd7537.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\b4e6b7f5-e049-47b4-a523-e66504073b5c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\b9a19dcb-9e53-496e-bc0b-4dc82eee35cc.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\dc4edc26-28cb-4d74-bf4b-eea7229996a1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\53918c58-9b4f-4927-a6b1-108d1056cc78.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1136156612\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1474073023\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1474073023\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1474073023\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1474073023\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8144_1474073023\b4e6b7f5-e049-47b4-a523-e66504073b5c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
Chrome Cache Entry: 457
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 458
ASCII text, with very long lines (2287)
downloaded
Chrome Cache Entry: 459
ASCII text, with very long lines (815)
downloaded
Chrome Cache Entry: 460
ASCII text
downloaded
Chrome Cache Entry: 461
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 462
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 463
SVG Scalable Vector Graphics image
downloaded
There are 281 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2308,i,13248434027509961714,6387315998208005900,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=2600,i,4098161083112385091,5340634980591339184,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6776 --field-trial-handle=2600,i,4098161083112385091,5340634980591339184,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6840 --field-trial-handle=2600,i,4098161083112385091,5340634980591339184,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6784 --field-trial-handle=2600,i,4098161083112385091,5340634980591339184,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6784 --field-trial-handle=2600,i,4098161083112385091,5340634980591339184,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6968 --field-trial-handle=2600,i,4098161083112385091,5340634980591339184,262144 /prefetch:8
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2276,i,10947752675193604870,8748139334359778798,262144 /prefetch:8
There are 2 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/
185.215.113.206
 malicious
http://185.215.113.206/6c4adf523b719729.php
185.215.113.206
 malicious
http://185.215.113.206/746f34465cf17784/softokn3.dll
185.215.113.206
 malicious
http://185.215.113.206/6c4adf523b719729.phpodus.wallet
unknown
 malicious
http://185.215.113.206/746f34465cf17784/freebl3.dll
185.215.113.206
 malicious
http://185.215.113.206/746f34465cf17784/mozglue.dll
185.215.113.206
 malicious
http://185.215.113.206/746f34465cf17784/nss3.dll
185.215.113.206
 malicious
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
https://permanently-removed.invalid/oauth2/v2/tokeninfo
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
http://anglebug.com/4633
unknown
https://anglebug.com/7382
unknown
https://issuetracker.google.com/284462263
unknown
https://sb.scorecardresearch.com/b2?rn=1730285140541&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=046B7A813FEA6CE42F656FA93E1B6DA8&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.238.171.114
https://ntp.msn.cn/edge/ntp
unknown
https://publickeyservice.gcp.privacysandboxservices.com
unknown
https://google-ohttp-relay-join.fastly-edge.com/G
unknown
http://polymer.github.io/AUTHORS.txt
unknown
https://docs.google.com/
unknown
https://google-ohttp-relay-join.fastly-edge.com/Iw
unknown
https://google-ohttp-relay-join.fastly-edge.com/jx
unknown
https://publickeyservice.pa.aws.privacysandboxservices.com
unknown
https://google-ohttp-relay-join.fastly-edge.com/Ix
unknown
https://google-ohttp-relay-join.fastly-edge.com/J
unknown
https://photos.google.com/settings?referrer=CHROME_NTP
unknown
https://anglebug.com/7714
unknown
https://www.instagram.com
unknown
http://185.215.113.206/746f34465cf17784/freebl3.dllY
unknown
https://photos.google.com?referrer=CHROME_NTP
unknown
http://anglebug.com/6248
unknown
https://google-ohttp-relay-join.fastly-edge.com/T
unknown
https://ogs.google.com/widget/callout?eom=1
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
http://anglebug.com/6929
unknown
http://anglebug.com/5281
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://issuetracker.google.com/255411748
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730285141639&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.28
https://web.telegram.org/
unknown
https://permanently-removed.invalid/oauth2/v4/token
unknown
https://anglebug.com/7246
unknown
https://anglebug.com/7369
unknown
https://anglebug.com/7489
unknown
http://185.215.113.206/6c4adf523b719729.phpata
unknown
https://chrome.google.com/webstore
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
http://polymer.github.io/PATENTS.txt
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.ico
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://issuetracker.google.com/161903006
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://drive-daily-5.corp.google.com/
unknown
https://plus.google.com
unknown
http://185.215.113.206/746f34465cf17784/nss3.dll.
unknown
https://permanently-removed.invalid/chrome/blank.html
unknown
http://anglebug.com/3078
unknown
http://anglebug.com/7553
unknown
http://anglebug.com/5375
unknown
https://permanently-removed.invalid/v1/issuetoken
unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0
142.250.186.174
http://anglebug.com/5371
unknown
http://anglebug.com/4722
unknown
https://m.google.com/devicemanagement/data/api
unknown
https://permanently-removed.invalid/reauth/v1beta/users/
unknown
http://anglebug.com/7556
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://chrome.google.com/webstore/
unknown
https://assets.msn.cn/resolver/
unknown
https://publickeyservice.pa.gcp.privacysandboxservices.com
unknown
http://185.215.113.206/6c4adf523b719729.phpSb
unknown
https://browser.events.data.msn.com/
unknown
https://permanently-removed.invalid/RotateBoundCookies
unknown
http://anglebug.com/6692
unknown
https://issuetracker.google.com/258207403
unknown
http://anglebug.com/3502
unknown
http://anglebug.com/3623
unknown
https://www.office.com
unknown
http://anglebug.com/3625
unknown
https://outlook.live.com/mail/0/
unknown
http://anglebug.com/3624
unknown
http://anglebug.com/5007
unknown
http://anglebug.com/3862
unknown
https://docs.rs/getrandom#nodejs-es-module-support
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
https://chrome.google.com/webstoreLDDiscover
unknown
https://www.ecosia.org/search?q=&addon=opensearch
unknown
http://anglebug.com/4836
unknown
https://issuetracker.google.com/issues/166475273
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.186.174
play.google.com
142.250.186.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.154.84.16
www.google.com
142.250.184.228
googlehosted.l.googleusercontent.com
142.250.186.33
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
142.250.186.174
plus.l.google.com
United States
152.195.19.97
unknown
United States
192.168.2.16
unknown
unknown
23.198.7.180
unknown
United States
18.154.84.16
sb.scorecardresearch.com
United States
20.125.209.212
unknown
United States
23.47.194.99
unknown
United States
142.250.184.228
www.google.com
United States
204.79.197.219
unknown
United States
142.250.186.33
googlehosted.l.googleusercontent.com
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
142.250.186.78
play.google.com
United States
18.238.171.114
unknown
United States
13.107.246.57
unknown
United States
23.198.7.174
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
20.189.173.28
unknown
United States
239.255.255.250
unknown
Reserved
20.75.60.91
unknown
United States
23.221.22.215
unknown
United States
127.0.0.1
unknown
unknown
There are 13 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197670
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197670
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197670
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197670
WindowTabManagerFileMappingId
There are 145 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
124E000
heap
page read and write
 malicious
4E80000
direct allocation
page read and write
 malicious
451000
unkown
page execute and read and write
 malicious
24AFBB22000
heap
page read and write
25000418000
trusted library allocation
page read and write
362E000
stack
page read and write
590801D18000
trusted library allocation
page read and write
5FA000
unkown
page execute and read and write
590801678000
trusted library allocation
page read and write
5908015CC000
trusted library allocation
page read and write
1D503000
heap
page read and write
590801458000
trusted library allocation
page read and write
25000308000
trusted library allocation
page read and write
78C800390000
trusted library allocation
page read and write
49F1000
heap
page read and write
590800F44000
trusted library allocation
page read and write
236CE000
stack
page read and write
590800EE0000
trusted library allocation
page read and write
590801D4C000
trusted library allocation
page read and write
10D4000
heap
page read and write
ADA27FE000
stack
page read and write
AD8E7F4000
stack
page read and write
724C002AC000
direct allocation
page read and write
1CF4F000
stack
page read and write
24AF9BF0000
heap
page read and write
5908017F0000
trusted library allocation
page read and write
78C8002F4000
trusted library allocation
page read and write
23650000
trusted library allocation
page read and write
1D21E000
stack
page read and write
590801908000
trusted library allocation
page read and write
590800D0C000
trusted library allocation
page read and write
5908017E0000
trusted library allocation
page read and write
1EEB5B9C000
heap
page read and write
ADACFFE000
unkown
page readonly
590801AEC000
trusted library allocation
page read and write
DB80060C000
trusted library allocation
page read and write
59080033C000
trusted library allocation
page read and write
78C800324000
trusted library allocation
page read and write
590801838000
trusted library allocation
page read and write
6CAA2000
unkown
page readonly
C58002A4000
trusted library allocation
page read and write
10D4000
heap
page read and write
59080036C000
trusted library allocation
page read and write
33AE000
stack
page read and write
5908003EC000
trusted library allocation
page read and write
419400250000
trusted library allocation
page read and write
78C800334000
trusted library allocation
page read and write
59080107C000
trusted library allocation
page read and write
590801D28000
trusted library allocation
page read and write
25000284000
trusted library allocation
page read and write
78C80021C000
trusted library allocation
page read and write
1D4F0000
heap
page read and write
590801BF0000
trusted library allocation
page read and write
E3C000
stack
page read and write
C58002B0000
trusted library allocation
page read and write
250003AC000
trusted library allocation
page read and write
78C800124000
trusted library allocation
page read and write
78C8001C0000
trusted library allocation
page read and write
1D4E6000
heap
page read and write
5908013C4000
trusted library allocation
page read and write
78C8001B4000
trusted library allocation
page read and write
1D507000
heap
page read and write
5908001C8000
trusted library allocation
page read and write
590801924000
trusted library allocation
page read and write
590801D28000
trusted library allocation
page read and write
590801758000
trusted library allocation
page read and write
724C00220000
direct allocation
page read and write
AD9F7FD000
stack
page read and write
ADAA7FE000
stack
page read and write
590801874000
trusted library allocation
page read and write
25000250000
trusted library allocation
page read and write
590801634000
trusted library allocation
page read and write
DB800330000
trusted library allocation
page read and write
25000390000
trusted library allocation
page read and write
5908018DC000
trusted library allocation
page read and write
590801C60000
trusted library allocation
page read and write
590801B10000
trusted library allocation
page read and write
590800FC4000
trusted library allocation
page read and write
590801720000
trusted library allocation
page read and write
590801C20000
trusted library allocation
page read and write
10D4000
heap
page read and write
78C800484000
trusted library allocation
page read and write
4A00000
heap
page read and write
24AFBB28000
heap
page read and write
590800210000
trusted library allocation
page read and write
590800F44000
trusted library allocation
page read and write
590801D00000
trusted library allocation
page read and write
1EEB6154000
heap
page read and write
24AF9D13000
heap
page read and write
590801B00000
trusted library allocation
page read and write
10D4000
heap
page read and write
5908003A4000
trusted library allocation
page read and write
590801844000
trusted library allocation
page read and write
DB8006E4000
trusted library allocation
page read and write
5030000
direct allocation
page execute and read and write
419400294000
trusted library allocation
page read and write
590800C20000
trusted library allocation
page read and write
5908013C4000
trusted library allocation
page read and write
24AF9CBC000
heap
page read and write
590800328000
trusted library allocation
page read and write
4194002B8000
trusted library allocation
page read and write
49F1000
heap
page read and write
AD94FFE000
unkown
page readonly
10D4000
heap
page read and write
25000238000
trusted library allocation
page read and write
590801D28000
trusted library allocation
page read and write
78C80025C000
trusted library allocation
page read and write
39EE000
stack
page read and write
4194002B4000
trusted library allocation
page read and write
590800E84000
trusted library allocation
page read and write
6CD11000
unkown
page readonly
78C800278000
trusted library allocation
page read and write
1D4F0000
heap
page read and write
10D4000
heap
page read and write
78C8001EC000
trusted library allocation
page read and write
78C8002DC000
trusted library allocation
page read and write
78C800001000
trusted library allocation
page read and write
590801C80000
trusted library allocation
page read and write
1D4D5000
heap
page read and write
590801D58000
trusted library allocation
page read and write
590800294000
trusted library allocation
page read and write
49F1000
heap
page read and write
25000220000
trusted library allocation
page read and write
25CC00244000
direct allocation
page read and write
1D4F0000
heap
page read and write
F38000
stack
page read and write
2CE7000
heap
page read and write
59080190C000
trusted library allocation
page read and write
9C2000
unkown
page execute and read and write
24AFBBCF000
heap
page read and write
25000424000
trusted library allocation
page read and write
78C800020000
trusted library allocation
page read and write
1D4FD000
heap
page read and write
10D4000
heap
page read and write
49F1000
heap
page read and write
F3D000
stack
page read and write
24AF9CAC000
heap
page read and write
724C00217000
direct allocation
page read and write
590800FBC000
trusted library allocation
page read and write
ADA8FFE000
unkown
page readonly
724C00294000
direct allocation
page read and write
590800FC4000
trusted library allocation
page read and write
6B8000
unkown
page execute and read and write
590801BC0000
trusted library allocation
page read and write
419400230000
trusted library allocation
page read and write
1D4F3000
heap
page read and write
590801058000
trusted library allocation
page read and write
ADAB7FE000
stack
page read and write
1EEB6166000
heap
page read and write
590801684000
trusted library allocation
page read and write
49F1000
heap
page read and write
5908014B4000
trusted library allocation
page read and write
24AF9C96000
heap
page read and write
10D4000
heap
page read and write
78C8002E8000
trusted library allocation
page read and write
1EEB5BA0000
heap
page read and write
24AFBB0D000
heap
page read and write
59080107C000
trusted library allocation
page read and write
590801900000
trusted library allocation
page read and write
1D4FD000
heap
page read and write
590801518000
trusted library allocation
page read and write
590800214000
trusted library allocation
page read and write
24AFBBCF000
heap
page read and write
5908016B8000
trusted library allocation
page read and write
590801780000
trusted library allocation
page read and write
590801CB0000
trusted library allocation
page read and write
426F000
stack
page read and write
1CE4E000
stack
page read and write
49F1000
heap
page read and write
49F1000
heap
page read and write
590801BAC000
trusted library allocation
page read and write
ADB7FFE000
unkown
page readonly
1EEB5B96000
heap
page read and write
78C8002F4000
trusted library allocation
page read and write
24AF9CBB000
heap
page read and write
1EEB6169000
heap
page read and write
10D4000
heap
page read and write
1EEB263C000
heap
page read and write
DB800678000
trusted library allocation
page read and write
250002F1000
trusted library allocation
page read and write
59080036C000
trusted library allocation
page read and write
1EEB6156000
heap
page read and write
698000
unkown
page execute and read and write
1EEB6166000
heap
page read and write
24AFBBC9000
heap
page read and write
590800F84000
trusted library allocation
page read and write
5908003EC000
trusted library allocation
page read and write
ADAAFFE000
unkown
page readonly
590800EE0000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
5EB000
unkown
page execute and read and write
59080149C000
trusted library allocation
page read and write
590801399000
trusted library allocation
page read and write
590801318000
trusted library allocation
page read and write
590801734000
trusted library allocation
page read and write
590801824000
trusted library allocation
page read and write
590801880000
trusted library allocation
page read and write
AD9C7FC000
stack
page read and write
24AFBB8D000
heap
page read and write
61ED3000
direct allocation
page read and write
C58002D8000
trusted library allocation
page read and write
10D4000
heap
page read and write
590800298000
trusted library allocation
page read and write
590800234000
trusted library allocation
page read and write
9DB000
unkown
page execute and write copy
ADA87FD000
stack
page read and write
590800FAC000
trusted library allocation
page read and write
2C5C000
stack
page read and write
12A8000
heap
page read and write
590801C40000
trusted library allocation
page read and write
1EEB6154000
heap
page read and write
49F1000
heap
page read and write
590801664000
trusted library allocation
page read and write
4EBC000
stack
page read and write
AD9E7FE000
stack
page read and write
10D4000
heap
page read and write
59080021C000
trusted library allocation
page read and write
590801C74000
trusted library allocation
page read and write
590801C98000
trusted library allocation
page read and write
10D4000
heap
page read and write
ADB37FE000
stack
page read and write
78C800280000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C8001D0000
trusted library allocation
page read and write
C58002A4000
trusted library allocation
page read and write
1EEB614E000
heap
page read and write
59080033C000
trusted library allocation
page read and write
250002D8000
trusted library allocation
page read and write
590801070000
trusted library allocation
page read and write
1D4F0000
heap
page read and write
24A82FD0000
trusted library section
page readonly
ADB17FE000
stack
page read and write
590801D4C000
trusted library allocation
page read and write
9CB000
unkown
page execute and read and write
78C800064000
trusted library allocation
page read and write
2500027C000
trusted library allocation
page read and write
24AF9D61000
heap
page read and write
78C800258000
trusted library allocation
page read and write
24AFBB96000
heap
page read and write
59080191C000
trusted library allocation
page read and write
5908012BC000
trusted library allocation
page read and write
59080022C000
trusted library allocation
page read and write
24AF9CC9000
heap
page read and write
590801D18000
trusted library allocation
page read and write
61ECD000
direct allocation
page readonly
590800FE8000
trusted library allocation
page read and write
724C00230000
direct allocation
page read and write
24A80BD0000
unkown
page read and write
24AFBB54000
heap
page read and write
34AF000
stack
page read and write
590801478000
trusted library allocation
page read and write
724C0021C000
direct allocation
page read and write
590800F84000
trusted library allocation
page read and write
724C00210000
direct allocation
page read and write
590800484000
trusted library allocation
page read and write
590800298000
trusted library allocation
page read and write
590800FE8000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
DB800320000
trusted library allocation
page read and write
4194002C8000
trusted library allocation
page read and write
5908016B4000
trusted library allocation
page read and write
590801444000
trusted library allocation
page read and write
590801AEC000
trusted library allocation
page read and write
590800F44000
trusted library allocation
page read and write
1EEB61BB000
heap
page read and write
1EEB5BA1000
heap
page read and write
322F000
stack
page read and write
419400294000
trusted library allocation
page read and write
590800294000
trusted library allocation
page read and write
5908014C4000
trusted library allocation
page read and write
1D50C000
heap
page read and write
590801B88000
trusted library allocation
page read and write
1D4F3000
heap
page read and write
235B1000
heap
page read and write
ADB57FE000
stack
page read and write
1230000
direct allocation
page read and write
1D4E6000
heap
page read and write
DB800760000
trusted library allocation
page read and write
49F1000
heap
page read and write
24AFBB11000
heap
page read and write
24A83360000
trusted library allocation
page read and write
78C80005B000
trusted library allocation
page read and write
DB80040C000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C800210000
trusted library allocation
page read and write
DB800688000
trusted library allocation
page read and write
DB800734000
trusted library allocation
page read and write
AD9CFFE000
unkown
page readonly
2387C000
heap
page read and write
5908001AC000
trusted library allocation
page read and write
78C8002B4000
trusted library allocation
page read and write
1D4EF000
heap
page read and write
1D4FF000
heap
page read and write
10D4000
heap
page read and write
1240000
heap
page read and write
49F1000
heap
page read and write
1D5E0000
trusted library allocation
page read and write
C58002A0000
trusted library allocation
page read and write
5908002A8000
trusted library allocation
page read and write
1D4FD000
heap
page read and write
1D4FD000
heap
page read and write
1D50C000
heap
page read and write
5908016E8000
trusted library allocation
page read and write
78C800240000
trusted library allocation
page read and write
24AF9C13000
heap
page read and write
590800314000
trusted library allocation
page read and write
1D4E4000
heap
page read and write
5908017EC000
trusted library allocation
page read and write
C58002C0000
trusted library allocation
page read and write
59080148C000
trusted library allocation
page read and write
78C800178000
trusted library allocation
page read and write
4194002A8000
trusted library allocation
page read and write
25000304000
trusted library allocation
page read and write
AD977FE000
stack
page read and write
590801768000
trusted library allocation
page read and write
1D4C0000
heap
page read and write
5908018F8000
trusted library allocation
page read and write
24AFB9F0000
heap
page read and write
5908001B4000
trusted library allocation
page read and write
49F1000
heap
page read and write
590800F44000
trusted library allocation
page read and write
25000284000
trusted library allocation
page read and write
250003C0000
trusted library allocation
page read and write
1D4E5000
heap
page read and write
590800328000
trusted library allocation
page read and write
61ECC000
direct allocation
page read and write
4194002FC000
trusted library allocation
page read and write
590800330000
trusted library allocation
page read and write
5908015E0000
trusted library allocation
page read and write
5908006CC000
trusted library allocation
page read and write
590801644000
trusted library allocation
page read and write
1D4E6000
heap
page read and write
590800FE8000
trusted library allocation
page read and write
25000248000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
590800C7C000
trusted library allocation
page read and write
590801638000
trusted library allocation
page read and write
DB8006C8000
trusted library allocation
page read and write
5908018F4000
trusted library allocation
page read and write
250003C4000
trusted library allocation
page read and write
5908013E9000
trusted library allocation
page read and write
312E000
stack
page read and write
5908001EC000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
5908018B4000
trusted library allocation
page read and write
590801338000
trusted library allocation
page read and write
12C5000
heap
page read and write
24AF9ED0000
heap
page readonly
5908015F8000
trusted library allocation
page read and write
24AFBBB1000
heap
page read and write
78C8000F8000
trusted library allocation
page read and write
78C800250000
trusted library allocation
page read and write
DB800248000
trusted library allocation
page read and write
4194002B8000
trusted library allocation
page read and write
590801D00000
trusted library allocation
page read and write
724C00311000
direct allocation
page read and write
49F1000
heap
page read and write
49F1000
heap
page read and write
590800DBC000
trusted library allocation
page read and write
590801724000
trusted library allocation
page read and write
724C00280000
direct allocation
page read and write
590800294000
trusted library allocation
page read and write
5908017DC000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
DB80033C000
trusted library allocation
page read and write
39AF000
stack
page read and write
23591000
heap
page read and write
2500025C000
trusted library allocation
page read and write
DB800418000
trusted library allocation
page read and write
590801358000
trusted library allocation
page read and write
590801BA0000
trusted library allocation
page read and write
590801ABC000
trusted library allocation
page read and write
78C8000B4000
trusted library allocation
page read and write
4FF0000
direct allocation
page execute and read and write
2500031C000
trusted library allocation
page read and write
5908003EC000
trusted library allocation
page read and write
49F1000
heap
page read and write
59080033C000
trusted library allocation
page read and write
78C80014C000
trusted library allocation
page read and write
DB800614000
trusted library allocation
page read and write
1040000
heap
page read and write
24AF9CBE000
heap
page read and write
590801BEC000
trusted library allocation
page read and write
590800DA8000
trusted library allocation
page read and write
10D4000
heap
page read and write
724C00212000
direct allocation
page read and write
590800C90000
trusted library allocation
page read and write
1D4F0000
heap
page read and write
DB800368000
trusted library allocation
page read and write
78C800224000
trusted library allocation
page read and write
3B2E000
stack
page read and write
24AF9CA5000
heap
page read and write
5908018AC000
trusted library allocation
page read and write
6CC4F000
unkown
page readonly
590801854000
trusted library allocation
page read and write
590800B6C000
trusted library allocation
page read and write
590801850000
trusted library allocation
page read and write
724C0024C000
direct allocation
page read and write
24AFBBC9000
heap
page read and write
49F1000
heap
page read and write
1D503000
heap
page read and write
590800D84000
trusted library allocation
page read and write
1D4EA000
heap
page read and write
1D509000
heap
page read and write
724C00270000
direct allocation
page read and write
590800F44000
trusted library allocation
page read and write
5908017B4000
trusted library allocation
page read and write
10D0000
heap
page read and write
5908001B4000
trusted library allocation
page read and write
724C00244000
direct allocation
page read and write
78C8000EC000
trusted library allocation
page read and write
ADA0FFE000
unkown
page readonly
23874000
heap
page read and write
78C800218000
trusted library allocation
page read and write
47C000
unkown
page execute and read and write
24AFBB94000
heap
page read and write
1D4EB000
heap
page read and write
10D4000
heap
page read and write
78C8001F4000
trusted library allocation
page read and write
590800E28000
trusted library allocation
page read and write
AD967FE000
stack
page read and write
59080100C000
trusted library allocation
page read and write
5908012D4000
trusted library allocation
page read and write
AD957FE000
stack
page read and write
5908001E4000
trusted library allocation
page read and write
78C80026C000
trusted library allocation
page read and write
10D4000
heap
page read and write
DB800644000
trusted library allocation
page read and write
24AF9CD8000
heap
page read and write
419400264000
trusted library allocation
page read and write
24AFBB00000
heap
page read and write
DB8006B4000
trusted library allocation
page read and write
1D4E3000
heap
page read and write
C58002A0000
trusted library allocation
page read and write
78C800270000
trusted library allocation
page read and write
2CEE000
heap
page read and write
4194002E4000
trusted library allocation
page read and write
5908017E4000
trusted library allocation
page read and write
ADA77FE000
stack
page read and write
3DAE000
stack
page read and write
590801D28000
trusted library allocation
page read and write
5908004B0000
trusted library allocation
page read and write
590801620000
trusted library allocation
page read and write
DB800354000
trusted library allocation
page read and write
452E000
stack
page read and write
590801AFC000
trusted library allocation
page read and write
24AF9C7A000
heap
page read and write
724C00318000
direct allocation
page read and write
38AE000
stack
page read and write
78C80023C000
trusted library allocation
page read and write
5908001DC000
trusted library allocation
page read and write
5908013E8000
trusted library allocation
page read and write
5908018D8000
trusted library allocation
page read and write
59080108C000
trusted library allocation
page read and write
590800E28000
trusted library allocation
page read and write
5908016C0000
trusted library allocation
page read and write
6CC8E000
unkown
page read and write
10D4000
heap
page read and write
78C8001DC000
trusted library allocation
page read and write
724C002E0000
direct allocation
page read and write
590800C1C000
trusted library allocation
page read and write
1D4D6000
heap
page read and write
DB800788000
trusted library allocation
page read and write
8C5000
unkown
page execute and read and write
78C800298000
trusted library allocation
page read and write
590800C1C000
trusted library allocation
page read and write
590801CA8000
trusted library allocation
page read and write
5908017F4000
trusted library allocation
page read and write
450000
unkown
page read and write
2C1E000
stack
page read and write
1D50C000
heap
page read and write
590801AEC000
trusted library allocation
page read and write
590800484000
trusted library allocation
page read and write
419400210000
trusted library allocation
page read and write
DB800610000
trusted library allocation
page read and write
24AF9CA1000
heap
page read and write
34EE000
stack
page read and write
ADB77FE000
stack
page read and write
C58002A0000
trusted library allocation
page read and write
78C800194000
trusted library allocation
page read and write
590800228000
trusted library allocation
page read and write
DB800758000
trusted library allocation
page read and write
ADABFFE000
unkown
page readonly
5CB000
unkown
page execute and read and write
590800484000
trusted library allocation
page read and write
590801D0C000
trusted library allocation
page read and write
ADB3FFE000
unkown
page readonly
590801904000
trusted library allocation
page read and write
419400238000
trusted library allocation
page read and write
1EEB613C000
heap
page read and write
1D506000
heap
page read and write
4194002F0000
trusted library allocation
page read and write
59080118C000
trusted library allocation
page read and write
1EEB61CD000
heap
page read and write
5908003A4000
trusted library allocation
page read and write
49F1000
heap
page read and write
6CAB1000
unkown
page execute read
DB8006D0000
trusted library allocation
page read and write
1D4ED000
heap
page read and write
2DEF000
stack
page read and write
23550000
heap
page read and write
24AFBB20000
heap
page read and write
24AF9C1D000
heap
page read and write
10D4000
heap
page read and write
250002F4000
trusted library allocation
page read and write
5908001D8000
trusted library allocation
page read and write
724C00303000
direct allocation
page read and write
590801510000
trusted library allocation
page read and write
5908014A4000
trusted library allocation
page read and write
78C8002A4000
trusted library allocation
page read and write
25000364000
trusted library allocation
page read and write
DB800624000
trusted library allocation
page read and write
78C8002BC000
trusted library allocation
page read and write
6CD57000
unkown
page read and write
1D4EF000
heap
page read and write
1230000
direct allocation
page read and write
1230000
direct allocation
page read and write
24AFBB0B000
heap
page read and write
3EEE000
stack
page read and write
590800E28000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
1D4D0000
heap
page read and write
49F1000
heap
page read and write
78C8002E8000
trusted library allocation
page read and write
590800F44000
trusted library allocation
page read and write
1D50C000
heap
page read and write
78C8003E0000
trusted library allocation
page read and write
419400260000
trusted library allocation
page read and write
5908016E4000
trusted library allocation
page read and write
78C8004A1000
trusted library allocation
page read and write
24AF9C00000
heap
page read and write
590801394000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
49F1000
heap
page read and write
6CA11000
unkown
page execute read
724C00201000
direct allocation
page read and write
1D4EF000
heap
page read and write
59080173C000
trusted library allocation
page read and write
24AFBB04000
heap
page read and write
78C8003A4000
trusted library allocation
page read and write
ADAC7FC000
stack
page read and write
590800F44000
trusted library allocation
page read and write
78C800230000
trusted library allocation
page read and write
10D4000
heap
page read and write
DB8006EC000
trusted library allocation
page read and write
78C8003D0000
trusted library allocation
page read and write
1D4D5000
heap
page read and write
49F1000
heap
page read and write
590801D4C000
trusted library allocation
page read and write
590800DEC000
trusted library allocation
page read and write
10D4000
heap
page read and write
4194002F8000
trusted library allocation
page read and write
590801B38000
trusted library allocation
page read and write
6CD59000
unkown
page readonly
5908006CC000
trusted library allocation
page read and write
5908015CC000
trusted library allocation
page read and write
450000
unkown
page readonly
124A000
heap
page read and write
5F7000
unkown
page execute and read and write
1D4CE000
heap
page read and write
1EEB61B1000
heap
page read and write
590801618000
trusted library allocation
page read and write
78C8001E8000
trusted library allocation
page read and write
4194002B4000
trusted library allocation
page read and write
590800294000
trusted library allocation
page read and write
5908016BC000
trusted library allocation
page read and write
78C8002B8000
trusted library allocation
page read and write
590800E28000
trusted library allocation
page read and write
ADA07FD000
stack
page read and write
590801C70000
trusted library allocation
page read and write
5908001D4000
trusted library allocation
page read and write
5908018FC000
trusted library allocation
page read and write
5908016CC000
trusted library allocation
page read and write
5908018C8000
trusted library allocation
page read and write
250002A0000
trusted library allocation
page read and write
724C002A8000
direct allocation
page read and write
78C8001F8000
trusted library allocation
page read and write
78C800168000
trusted library allocation
page read and write
78C80000C000
trusted library allocation
page read and write
5908016D0000
trusted library allocation
page read and write
24A88402000
heap
page read and write
1D4C2000
heap
page read and write
419400270000
trusted library allocation
page read and write
590801D4C000
trusted library allocation
page read and write
590801C1C000
trusted library allocation
page read and write
590800FBC000
trusted library allocation
page read and write
78C8002C0000
trusted library allocation
page read and write
5908010F4000
trusted library allocation
page read and write
590800484000
trusted library allocation
page read and write
590800484000
trusted library allocation
page read and write
78C8002E8000
trusted library allocation
page read and write
590800383000
trusted library allocation
page read and write
1D4FF000
heap
page read and write
49F1000
heap
page read and write
1D4EC000
heap
page read and write
ADB97FE000
stack
page read and write
ADB47FE000
stack
page read and write
ADB8FFE000
unkown
page readonly
78C800320000
trusted library allocation
page read and write
1D4FD000
heap
page read and write
24AF9CC9000
heap
page read and write
590801AF8000
trusted library allocation
page read and write
5908014D4000
trusted library allocation
page read and write
25000300000
trusted library allocation
page read and write
590801518000
trusted library allocation
page read and write
AD92FFE000
unkown
page readonly
49F1000
heap
page read and write
590800294000
trusted library allocation
page read and write
78C800228000
trusted library allocation
page read and write
590801AEC000
trusted library allocation
page read and write
24AFBB24000
heap
page read and write
24AF9C2F000
heap
page read and write
11DE000
stack
page read and write
24AFBA02000
heap
page read and write
1EEB616B000
heap
page read and write
5908014D4000
trusted library allocation
page read and write
590801428000
trusted library allocation
page read and write
1EEB5B8A000
heap
page read and write
590801D28000
trusted library allocation
page read and write
10D4000
heap
page read and write
78C8002E8000
trusted library allocation
page read and write
ADA2FFE000
unkown
page readonly
1D50C000
heap
page read and write
1EEB5B93000
heap
page read and write
590801B24000
trusted library allocation
page read and write
ADA97FC000
stack
page read and write
ADB0FFE000
unkown
page readonly
590800220000
trusted library allocation
page read and write
1EEB6158000
heap
page read and write
AD9BFFE000
unkown
page readonly
1D4EF000
heap
page read and write
590801C3C000
trusted library allocation
page read and write
590801C44000
trusted library allocation
page read and write
25000338000
trusted library allocation
page read and write
DB800354000
trusted library allocation
page read and write
4194002B4000
trusted library allocation
page read and write
1CF8E000
stack
page read and write
4FD0000
direct allocation
page execute and read and write
49F1000
heap
page read and write
DB800310000
trusted library allocation
page read and write
590801790000
trusted library allocation
page read and write
590800C3C000
trusted library allocation
page read and write
1EEB2630000
heap
page read and write
416E000
stack
page read and write
1D4D6000
heap
page read and write
590800C20000
trusted library allocation
page read and write
25000230000
trusted library allocation
page read and write
5908017E8000
trusted library allocation
page read and write
590801D4C000
trusted library allocation
page read and write
724C00328000
direct allocation
page read and write
25000374000
trusted library allocation
page read and write
5908014F0000
trusted library allocation
page read and write
5908018E0000
trusted library allocation
page read and write
59080160C000
trusted library allocation
page read and write
24AF9CF2000
heap
page read and write
78C80038C000
trusted library allocation
page read and write
3C2F000
stack
page read and write
78C8000CC000
trusted library allocation
page read and write
590800330000
trusted library allocation
page read and write
DB800320000
trusted library allocation
page read and write
6CA8D000
unkown
page readonly
590801B8C000
trusted library allocation
page read and write
5908010DC000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C8003A0000
trusted library allocation
page read and write
5908013E9000
trusted library allocation
page read and write
599000
unkown
page execute and read and write
78C800254000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C8001A8000
trusted library allocation
page read and write
1EEB5B94000
heap
page read and write
590801858000
trusted library allocation
page read and write
4194002B8000
trusted library allocation
page read and write
590800FC4000
trusted library allocation
page read and write
ADA37FE000
stack
page read and write
24AF9C82000
heap
page read and write
5908010F4000
trusted library allocation
page read and write
1D08F000
stack
page read and write
ADB27FE000
stack
page read and write
590800380000
trusted library allocation
page read and write
AD96FFE000
unkown
page readonly
590801D4C000
trusted library allocation
page read and write
4194002A8000
trusted library allocation
page read and write
49F1000
heap
page read and write
4194002A8000
trusted library allocation
page read and write
1EEB615A000
heap
page read and write
5908013A0000
trusted library allocation
page read and write
3C6E000
stack
page read and write
49F1000
heap
page read and write
5908018B8000
trusted library allocation
page read and write
B76000
unkown
page execute and read and write
78C800054000
trusted library allocation
page read and write
49F1000
heap
page read and write
49F1000
heap
page read and write
5908011D8000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C800250000
trusted library allocation
page read and write
590801B4C000
trusted library allocation
page read and write
ADA7FFE000
unkown
page readonly
DB800704000
trusted library allocation
page read and write
24AF9D2B000
heap
page read and write
DB800320000
trusted library allocation
page read and write
DB800700000
trusted library allocation
page read and write
5908014D4000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
5908001F4000
trusted library allocation
page read and write
24AF9CA5000
heap
page read and write
5908002B4000
trusted library allocation
page read and write
78C8002AC000
trusted library allocation
page read and write
59080033C000
trusted library allocation
page read and write
AD947FE000
stack
page read and write
590801ABC000
trusted library allocation
page read and write
ADB07FE000
stack
page read and write
78C80026C000
trusted library allocation
page read and write
59080033C000
trusted library allocation
page read and write
59080181C000
trusted library allocation
page read and write
5908013A0000
trusted library allocation
page read and write
42AE000
stack
page read and write
10D4000
heap
page read and write
250003A8000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
78C800350000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
DB8002FC000
trusted library allocation
page read and write
23875000
heap
page read and write
1D4FF000
heap
page read and write
DB800368000
trusted library allocation
page read and write
590801698000
trusted library allocation
page read and write
5908017B0000
trusted library allocation
page read and write
5908018B0000
trusted library allocation
page read and write
590801B28000
trusted library allocation
page read and write
590800E28000
trusted library allocation
page read and write
78C800490000
trusted library allocation
page read and write
590801C84000
trusted library allocation
page read and write
25000430000
trusted library allocation
page read and write
4194002A8000
trusted library allocation
page read and write
1D50C000
heap
page read and write
C58002A0000
trusted library allocation
page read and write
78C800364000
trusted library allocation
page read and write
78C80049C000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
590800294000
trusted library allocation
page read and write
DB800750000
trusted library allocation
page read and write
78C8003CC000
trusted library allocation
page read and write
419400278000
trusted library allocation
page read and write
59080036C000
trusted library allocation
page read and write
1D4F2000
heap
page read and write
6CCB1000
unkown
page execute read
5908017D4000
trusted library allocation
page read and write
23550000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
1D45C000
stack
page read and write
590800C1C000
trusted library allocation
page read and write
2CE0000
heap
page read and write
24AF9D2C000
heap
page read and write
49F1000
heap
page read and write
590801B80000
trusted library allocation
page read and write
1D507000
heap
page read and write
24AF9C95000
heap
page read and write
5908016D4000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
49F1000
heap
page read and write
590801708000
trusted library allocation
page read and write
5908006CC000
trusted library allocation
page read and write
10D4000
heap
page read and write
24AFBB0E000
heap
page read and write
590800020000
trusted library allocation
page read and write
5908013E8000
trusted library allocation
page read and write
590800FC4000
trusted library allocation
page read and write
78C80030C000
trusted library allocation
page read and write
590801728000
trusted library allocation
page read and write
386F000
stack
page read and write
78C800238000
trusted library allocation
page read and write
C58002A0000
trusted library allocation
page read and write
24AF9C8E000
heap
page read and write
590800484000
trusted library allocation
page read and write
590801770000
trusted library allocation
page read and write
ADA67FE000
stack
page read and write
5908017D8000
trusted library allocation
page read and write
419400248000
trusted library allocation
page read and write
DB800720000
trusted library allocation
page read and write
78C800184000
trusted library allocation
page read and write
78C800248000
trusted library allocation
page read and write
49F1000
heap
page read and write
1D0DE000
stack
page read and write
590800C1C000
trusted library allocation
page read and write
590801B34000
trusted library allocation
page read and write
49F1000
heap
page read and write
1EEB61A6000
heap
page read and write
24AF9CA1000
heap
page read and write
1230000
direct allocation
page read and write
1EEB5B9C000
heap
page read and write
24AF9CA5000
heap
page read and write
24AFBBC4000
heap
page read and write
9DA000
unkown
page execute and read and write
78C800244000
trusted library allocation
page read and write
DB800684000
trusted library allocation
page read and write
DB8003EC000
trusted library allocation
page read and write
590801884000
trusted library allocation
page read and write
49F1000
heap
page read and write
590801D48000
trusted library allocation
page read and write
59080033C000
trusted library allocation
page read and write
590801C54000
trusted library allocation
page read and write
49F1000
heap
page read and write
250002AC000
trusted library allocation
page read and write
1D4D6000
heap
page read and write
590801648000
trusted library allocation
page read and write
590801674000
trusted library allocation
page read and write
10D4000
heap
page read and write
24AF9C2C000
heap
page read and write
590801C5C000
trusted library allocation
page read and write
590801BCC000
trusted library allocation
page read and write
C58002A0000
trusted library allocation
page read and write
5908006CC000
trusted library allocation
page read and write
4FBF000
stack
page read and write
590801820000
trusted library allocation
page read and write
2386F000
heap
page read and write
5908016A4000
trusted library allocation
page read and write
59080167C000
trusted library allocation
page read and write
4194002D8000
trusted library allocation
page read and write
DB800730000
trusted library allocation
page read and write
590801D64000
trusted library allocation
page read and write
590800330000
trusted library allocation
page read and write
5908013C4000
trusted library allocation
page read and write
ADB87FE000
stack
page read and write
49F1000
heap
page read and write
AD9EFFE000
unkown
page readonly
59080178C000
trusted library allocation
page read and write
59080033C000
trusted library allocation
page read and write
590800CE4000
trusted library allocation
page read and write
590800FE8000
trusted library allocation
page read and write
5908014E0000
trusted library allocation
page read and write
78C800130000
trusted library allocation
page read and write
590800FE8000
trusted library allocation
page read and write
6CC8F000
unkown
page write copy
AD97FFE000
unkown
page readonly
590800C1C000
trusted library allocation
page read and write
250003A0000
trusted library allocation
page read and write
6CA9E000
unkown
page read and write
2500032C000
trusted library allocation
page read and write
78C800344000
trusted library allocation
page read and write
590800CE8000
trusted library allocation
page read and write
419400288000
trusted library allocation
page read and write
1D4FD000
heap
page read and write
DB8006F0000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
ADA17FE000
stack
page read and write
1D4CB000
heap
page read and write
724C0025C000
direct allocation
page read and write
590800DBC000
trusted library allocation
page read and write
C58002A0000
trusted library allocation
page read and write
24AF9CE7000
heap
page read and write
1D4EC000
heap
page read and write
78C80038C000
trusted library allocation
page read and write
4FE0000
direct allocation
page execute and read and write
590800C90000
trusted library allocation
page read and write
1D50C000
heap
page read and write
24AF9D02000
heap
page read and write
3D6F000
stack
page read and write
24AF9CA1000
heap
page read and write
1EEB6169000
heap
page read and write
590801C18000
trusted library allocation
page read and write
61ED4000
direct allocation
page readonly
24AFBA13000
heap
page read and write
25000404000
trusted library allocation
page read and write
43AF000
stack
page read and write
724C0026C000
direct allocation
page read and write
5908003EC000
trusted library allocation
page read and write
451000
unkown
page execute and write copy
1EEB2631000
heap
page read and write
24AF9CA5000
heap
page read and write
590801318000
trusted library allocation
page read and write
78C800424000
trusted library allocation
page read and write
590801D4C000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
724C00284000
direct allocation
page read and write
724C002D8000
direct allocation
page read and write
DB800668000
trusted library allocation
page read and write
DB800698000
trusted library allocation
page read and write
ADB5FFE000
unkown
page readonly
1220000
heap
page read and write
61EB4000
direct allocation
page read and write
78C800214000
trusted library allocation
page read and write
2FEF000
stack
page read and write
59080161C000
trusted library allocation
page read and write
590800D84000
trusted library allocation
page read and write
5000000
direct allocation
page execute and read and write
DB8006B0000
trusted library allocation
page read and write
590800E28000
trusted library allocation
page read and write
DB800630000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
C58002C0000
trusted library allocation
page read and write
4E60000
heap
page read and write
59080164C000
trusted library allocation
page read and write
1D4EB000
heap
page read and write
590800308000
trusted library allocation
page read and write
590801484000
trusted library allocation
page read and write
5908001F8000
trusted library allocation
page read and write
61EB7000
direct allocation
page readonly
5908014C4000
trusted library allocation
page read and write
49F1000
heap
page read and write
DB80035C000
trusted library allocation
page read and write
590801070000
trusted library allocation
page read and write
1EEB5B93000
heap
page read and write
1D4EA000
heap
page read and write
1D50C000
heap
page read and write
59080180C000
trusted library allocation
page read and write
DB800754000
trusted library allocation
page read and write
590801070000
trusted library allocation
page read and write
1D50C000
heap
page read and write
49F1000
heap
page read and write
ADA6FFE000
unkown
page readonly
24AF9D30000
heap
page read and write
59080020C000
trusted library allocation
page read and write
5908013A0000
trusted library allocation
page read and write
F32000
stack
page read and write
6BE000
unkown
page execute and read and write
24A88400000
heap
page read and write
25000290000
trusted library allocation
page read and write
4194002B4000
trusted library allocation
page read and write
5908001B4000
trusted library allocation
page read and write
1D4E6000
heap
page read and write
24AFBB28000
heap
page read and write
AD987FE000
stack
page read and write
590800FE8000
trusted library allocation
page read and write
5908001AC000
trusted library allocation
page read and write
78C8002DC000
trusted library allocation
page read and write
49F1000
heap
page read and write
2500040C000
trusted library allocation
page read and write
724C002D0000
direct allocation
page read and write
1EEB6156000
heap
page read and write
590800294000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
78C800260000
trusted library allocation
page read and write
9A1000
unkown
page execute and read and write
1D50C000
heap
page read and write
24AFBC10000
trusted library allocation
page read and write
10D4000
heap
page read and write
590801B84000
trusted library allocation
page read and write
10D4000
heap
page read and write
724C00316000
direct allocation
page read and write
59080120C000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C800284000
trusted library allocation
page read and write
590800EE0000
trusted library allocation
page read and write
1D4EB000
heap
page read and write
59080176C000
trusted library allocation
page read and write
590800294000
trusted library allocation
page read and write
564000
unkown
page execute and read and write
590801BC4000
trusted library allocation
page read and write
4194002B8000
trusted library allocation
page read and write
59080108C000
trusted library allocation
page read and write
1294000
heap
page read and write
DB8006B8000
trusted library allocation
page read and write
5908012EC000
trusted library allocation
page read and write
5908018C4000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
590801BE0000
trusted library allocation
page read and write
466E000
stack
page read and write
DB800620000
trusted library allocation
page read and write
724C002EC000
direct allocation
page read and write
49F1000
heap
page read and write
590801A0C000
trusted library allocation
page read and write
3AEF000
stack
page read and write
2CDE000
stack
page read and write
5908001E8000
trusted library allocation
page read and write
419400235000
trusted library allocation
page read and write
1D4EF000
heap
page read and write
25000310000
trusted library allocation
page read and write
78C800040000
trusted library allocation
page read and write
1D35D000
stack
page read and write
78C80040C000
trusted library allocation
page read and write
590800FBC000
trusted library allocation
page read and write
78C800401000
trusted library allocation
page read and write
5908001AC000
trusted library allocation
page read and write
590800464000
trusted library allocation
page read and write
59080118C000
trusted library allocation
page read and write
24AFBBD7000
heap
page read and write
25000344000
trusted library allocation
page read and write
DB80075C000
trusted library allocation
page read and write
10D4000
heap
page read and write
25000288000
trusted library allocation
page read and write
590801AD0000
trusted library allocation
page read and write
48EE000
stack
page read and write
78C80022C000
trusted library allocation
page read and write
1CE0F000
stack
page read and write
4EAB000
direct allocation
page read and write
590801794000
trusted library allocation
page read and write
2C9E000
stack
page read and write
C58002C0000
trusted library allocation
page read and write
590800484000
trusted library allocation
page read and write
78C8002B0000
trusted library allocation
page read and write
24AF9CAE000
heap
page read and write
1EEB614C000
heap
page read and write
1EEB614C000
heap
page read and write
78C8002D0000
trusted library allocation
page read and write
25000201000
trusted library allocation
page read and write
24AFBB11000
heap
page read and write
590801AEC000
trusted library allocation
page read and write
24A83360000
trusted library allocation
page read and write
24AFBB9E000
heap
page read and write
1EEB6142000
heap
page read and write
ADAD7FD000
stack
page read and write
4194002A8000
trusted library allocation
page read and write
1EEB6164000
heap
page read and write
4194002B4000
trusted library allocation
page read and write
61ED0000
direct allocation
page read and write
1D503000
heap
page read and write
DB800658000
trusted library allocation
page read and write
590801518000
trusted library allocation
page read and write
78C800378000
trusted library allocation
page read and write
250003BC000
trusted library allocation
page read and write
1D4EF000
heap
page read and write
5908015D0000
trusted library allocation
page read and write
3FEF000
stack
page read and write
49F1000
heap
page read and write
590801B9C000
trusted library allocation
page read and write
2500031C000
trusted library allocation
page read and write
59080170C000
trusted library allocation
page read and write
1EEB6198000
heap
page read and write
ADB9FFE000
unkown
page readonly
24AFBB13000
heap
page read and write
1EEB6158000
heap
page read and write
73A000
unkown
page execute and read and write
78C800110000
trusted library allocation
page read and write
412E000
stack
page read and write
4194002B8000
trusted library allocation
page read and write
23570000
heap
page read and write
24AFBBA4000
heap
page read and write
590801754000
trusted library allocation
page read and write
ADA1FFE000
unkown
page readonly
590800DEC000
trusted library allocation
page read and write
590800C20000
trusted library allocation
page read and write
25000380000
trusted library allocation
page read and write
590801888000
trusted library allocation
page read and write
724C002D8000
direct allocation
page read and write
78C800120000
trusted library allocation
page read and write
24AFBBB5000
heap
page read and write
C58002C0000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
78C800427000
trusted library allocation
page read and write
590801BE8000
trusted library allocation
page read and write
4194002B4000
trusted library allocation
page read and write
78C80015C000
trusted library allocation
page read and write
AD98FFE000
unkown
page readonly
6CAB0000
unkown
page readonly
49F1000
heap
page read and write
24AFBBA1000
heap
page read and write
237CF000
stack
page read and write
59080120C000
trusted library allocation
page read and write
724C00308000
direct allocation
page read and write
5908001F0000
trusted library allocation
page read and write
49F1000
heap
page read and write
1D50C000
heap
page read and write
F60000
heap
page read and write
1D50C000
heap
page read and write
724C0031C000
direct allocation
page read and write
536000
unkown
page execute and read and write
DB800648000
trusted library allocation
page read and write
49F1000
heap
page read and write
5908003EC000
trusted library allocation
page read and write
590801B5C000
trusted library allocation
page read and write
590801630000
trusted library allocation
page read and write
61E00000
direct allocation
page execute and read and write
30EF000
stack
page read and write
DB8006FC000
trusted library allocation
page read and write
78C8004AC000
trusted library allocation
page read and write
49F1000
heap
page read and write
49F1000
heap
page read and write
590801BE4000
trusted library allocation
page read and write
DB800664000
trusted library allocation
page read and write
590800F44000
trusted library allocation
page read and write
5908001E0000
trusted library allocation
page read and write
1D500000
heap
page read and write
24AF9CBE000
heap
page read and write
237D0000
trusted library allocation
page read and write
78C8002C0000
trusted library allocation
page read and write
25000320000
trusted library allocation
page read and write
43EE000
stack
page read and write
1D4FD000
heap
page read and write
4194002B4000
trusted library allocation
page read and write
59080129C000
trusted library allocation
page read and write
ADB4FFE000
unkown
page readonly
5020000
direct allocation
page execute and read and write
590801AEC000
trusted library allocation
page read and write
25000360000
trusted library allocation
page read and write
78C8000C0000
trusted library allocation
page read and write
4AF0000
trusted library allocation
page read and write
24AFBB77000
heap
page read and write
590801C7C000
trusted library allocation
page read and write
590801784000
trusted library allocation
page read and write
590801328000
trusted library allocation
page read and write
DB800424000
trusted library allocation
page read and write
462F000
stack
page read and write
ADB2FFE000
unkown
page readonly
49F1000
heap
page read and write
590801B58000
trusted library allocation
page read and write
49F1000
heap
page read and write
78C8000DC000
trusted library allocation
page read and write
10D4000
heap
page read and write
49F0000
heap
page read and write
10D4000
heap
page read and write
59080129C000
trusted library allocation
page read and write
61E01000
direct allocation
page execute read
5000000
direct allocation
page execute and read and write
4194002A8000
trusted library allocation
page read and write
590801C94000
trusted library allocation
page read and write
78C800288000
trusted library allocation
page read and write
590800484000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
78C80038C000
trusted library allocation
page read and write
C5800248000
trusted library allocation
page read and write
10D4000
heap
page read and write
590801D28000
trusted library allocation
page read and write
6CC95000
unkown
page readonly
1230000
direct allocation
page read and write
6CCB0000
unkown
page readonly
23660000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
44EF000
stack
page read and write
78C800078000
trusted library allocation
page read and write
1D4D6000
heap
page read and write
590800FC4000
trusted library allocation
page read and write
78C800300000
trusted library allocation
page read and write
24AFBB05000
heap
page read and write
78C8002A8000
trusted library allocation
page read and write
590801AEC000
trusted library allocation
page read and write
4194002B4000
trusted library allocation
page read and write
B77000
unkown
page execute and write copy
5908002F0000
trusted library allocation
page read and write
590800218000
trusted library allocation
page read and write
25000408000
trusted library allocation
page read and write
590800E28000
trusted library allocation
page read and write
24AF9C76000
heap
page read and write
24AF9D27000
heap
page read and write
49F1000
heap
page read and write
724C002D0000
direct allocation
page read and write
590801654000
trusted library allocation
page read and write
402D000
stack
page read and write
10D4000
heap
page read and write
590801B60000
trusted library allocation
page read and write
1EEB5B8F000
heap
page read and write
DB80039C000
trusted library allocation
page read and write
1D4EF000
heap
page read and write
1D5E2000
heap
page read and write
590801D28000
trusted library allocation
page read and write
724C00234000
direct allocation
page read and write
1EEB615A000
heap
page read and write
78C80020C000
trusted library allocation
page read and write
590801BA4000
trusted library allocation
page read and write
6CA10000
unkown
page readonly
419400294000
trusted library allocation
page read and write
59080036C000
trusted library allocation
page read and write
1D509000
heap
page read and write
10D4000
heap
page read and write
590801BC8000
trusted library allocation
page read and write
1D4E3000
heap
page read and write
590801D38000
trusted library allocation
page read and write
23867000
heap
page read and write
5908006CC000
trusted library allocation
page read and write
78C8000A4000
trusted library allocation
page read and write
24AF9C59000
heap
page read and write
DB80069C000
trusted library allocation
page read and write
24AF9CD7000
heap
page read and write
C58002A0000
trusted library allocation
page read and write
4194002A8000
trusted library allocation
page read and write
590800330000
trusted library allocation
page read and write
5908018E4000
trusted library allocation
page read and write
24AF9CE1000
heap
page read and write
78C8003B4000
trusted library allocation
page read and write
24AF9EF0000
heap
page read and write
1D4D6000
heap
page read and write
78C800268000
trusted library allocation
page read and write
49F1000
heap
page read and write
2EEF000
stack
page read and write
10D4000
heap
page read and write
47AE000
stack
page read and write
5908002B4000
trusted library allocation
page read and write
724C0030A000
direct allocation
page read and write
590800C90000
trusted library allocation
page read and write
590801740000
trusted library allocation
page read and write
78C800274000
trusted library allocation
page read and write
10D4000
heap
page read and write
78C8002D0000
trusted library allocation
page read and write
590801C58000
trusted library allocation
page read and write
143E000
stack
page read and write
476F000
stack
page read and write
AD907FF000
stack
page read and write
78C8003C0000
trusted library allocation
page read and write
724C002C0000
direct allocation
page read and write
590800C1C000
trusted library allocation
page read and write
78C80029C000
trusted library allocation
page read and write
DB8006CC000
trusted library allocation
page read and write
5908003EC000
trusted library allocation
page read and write
1D4D5000
heap
page read and write
78C8002A0000
trusted library allocation
page read and write
49F1000
heap
page read and write
12FF000
heap
page read and write
590801710000
trusted library allocation
page read and write
DB800694000
trusted library allocation
page read and write
6CC90000
unkown
page read and write
DB80033C000
trusted library allocation
page read and write
59080140C000
trusted library allocation
page read and write
10D4000
heap
page read and write
59080031C000
trusted library allocation
page read and write
DB800640000
trusted library allocation
page read and write
590800328000
trusted library allocation
page read and write
2500020C000
trusted library allocation
page read and write
24AFBB0D000
heap
page read and write
78C8003F0000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
250002C4000
trusted library allocation
page read and write
1D503000
heap
page read and write
590801B3C000
trusted library allocation
page read and write
1EEB61B9000
heap
page read and write
9DA000
unkown
page execute and write copy
49F1000
heap
page read and write
49EF000
stack
page read and write
5908016F8000
trusted library allocation
page read and write
24AF9C61000
heap
page read and write
59080033C000
trusted library allocation
page read and write
590801B20000
trusted library allocation
page read and write
2CEB000
heap
page read and write
5908002F0000
trusted library allocation
page read and write
590801BB0000
trusted library allocation
page read and write
419400201000
trusted library allocation
page read and write
24AFBB68000
heap
page read and write
590801680000
trusted library allocation
page read and write
78C8000D9000
trusted library allocation
page read and write
724C00215000
direct allocation
page read and write
DB800330000
trusted library allocation
page read and write
590801738000
trusted library allocation
page read and write
ADA3FFE000
unkown
page readonly
1EEB614E000
heap
page read and write
5908003EC000
trusted library allocation
page read and write
25000210000
trusted library allocation
page read and write
1D50C000
heap
page read and write
78C8002F4000
trusted library allocation
page read and write
590800D84000
trusted library allocation
page read and write
DB800320000
trusted library allocation
page read and write
590801898000
trusted library allocation
page read and write
25000350000
trusted library allocation
page read and write
590801D4C000
trusted library allocation
page read and write
590800330000
trusted library allocation
page read and write
78C800220000
trusted library allocation
page read and write
590800B2C000
trusted library allocation
page read and write
24AFBB54000
heap
page read and write
419400210000
trusted library allocation
page read and write
AD95FFE000
unkown
page readonly
1EEB6164000
heap
page read and write
25000358000
trusted library allocation
page read and write
78C80013C000
trusted library allocation
page read and write
1EEB61B2000
heap
page read and write
5908002FC000
trusted library allocation
page read and write
ADA9FFE000
unkown
page readonly
48AF000
stack
page read and write
49F1000
heap
page read and write
24AF9D2B000
heap
page read and write
4194002A0000
trusted library allocation
page read and write
336F000
stack
page read and write
DB8006D4000
trusted library allocation
page read and write
1D4F0000
heap
page read and write
1CD0E000
stack
page read and write
1D31D000
stack
page read and write
C58002C8000
trusted library allocation
page read and write
AD9B7FD000
stack
page read and write
1EEB5B8F000
heap
page read and write
5908016FC000
trusted library allocation
page read and write
C58002E4000
trusted library allocation
page read and write
1230000
direct allocation
page read and write
ADADFFE000
unkown
page readonly
590801BF4000
trusted library allocation
page read and write
121E000
stack
page read and write
590801788000
trusted library allocation
page read and write
590801ABC000
trusted library allocation
page read and write
590800D84000
trusted library allocation
page read and write
590801C30000
trusted library allocation
page read and write
24AF9CCB000
heap
page read and write
4E80000
direct allocation
page read and write
724C00250000
direct allocation
page read and write
590801BBC000
trusted library allocation
page read and write
326E000
stack
page read and write
49F1000
heap
page read and write
1D50C000
heap
page read and write
1D4F5000
heap
page read and write
2500032C000
trusted library allocation
page read and write
1D4E3000
heap
page read and write
590800E28000
trusted library allocation
page read and write
372F000
stack
page read and write
10D4000
heap
page read and write
49F1000
heap
page read and write
590800C88000
trusted library allocation
page read and write
78C80047C000
trusted library allocation
page read and write
376E000
stack
page read and write
1D4F0000
heap
page read and write
1D1DF000
stack
page read and write
59080151C000
trusted library allocation
page read and write
78C8001F0000
trusted library allocation
page read and write
1D4E8000
heap
page read and write
24AF9C40000
heap
page read and write
1230000
direct allocation
page read and write
DB800408000
trusted library allocation
page read and write
5908015F0000
trusted library allocation
page read and write
DB80080C000
trusted library allocation
page read and write
DB800390000
trusted library allocation
page read and write
590801B0C000
trusted library allocation
page read and write
24AF9BD0000
heap
page read and write
78C800300000
trusted library allocation
page read and write
5908014BC000
trusted library allocation
page read and write
49F1000
heap
page read and write
AD9FFFE000
unkown
page readonly
590800DEC000
trusted library allocation
page read and write
DB800380000
trusted library allocation
page read and write
1D4F0000
heap
page read and write
78C800100000
trusted library allocation
page read and write
78C80027C000
trusted library allocation
page read and write
AD8F7FE000
unkown
page read and write
590801D28000
trusted library allocation
page read and write
250002D0000
trusted library allocation
page read and write
78C8002DC000
trusted library allocation
page read and write
419400274000
trusted library allocation
page read and write
590801878000
trusted library allocation
page read and write
3EAF000
stack
page read and write
78C800264000
trusted library allocation
page read and write
5BE000
unkown
page execute and read and write
35EF000
stack
page read and write
5908002A8000
trusted library allocation
page read and write
5908006CC000
trusted library allocation
page read and write
590800224000
trusted library allocation
page read and write
24AFBB83000
heap
page read and write
5908015DC000
trusted library allocation
page read and write
78C800424000
trusted library allocation
page read and write
24AFBB0D000
heap
page read and write
590801AEC000
trusted library allocation
page read and write
5010000
direct allocation
page execute and read and write
590800294000
trusted library allocation
page read and write
590801B64000
trusted library allocation
page read and write
23550000
trusted library allocation
page read and write
590801AEC000
trusted library allocation
page read and write
4E80000
direct allocation
page read and write
419400220000
trusted library allocation
page read and write
F34000
stack
page read and write
1D4E6000
heap
page read and write
590800F44000
trusted library allocation
page read and write
ADB1FFE000
unkown
page readonly
724C00290000
direct allocation
page read and write
5000000
direct allocation
page execute and read and write
78C800300000
trusted library allocation
page read and write
5908002F0000
trusted library allocation
page read and write
590800484000
trusted library allocation
page read and write
49F1000
heap
page read and write
1D4F1000
heap
page read and write
590800E28000
trusted library allocation
page read and write
78C800201000
trusted library allocation
page read and write
24AF9D58000
heap
page read and write
2500039C000
trusted library allocation
page read and write
78C800418000
trusted library allocation
page read and write
C58002A0000
trusted library allocation
page read and write
78C800234000
trusted library allocation
page read and write
5908013C4000
trusted library allocation
page read and write
49F1000
heap
page read and write
590800230000
trusted library allocation
page read and write
AD927FE000
stack
page read and write
49F1000
heap
page read and write
78C80024C000
trusted library allocation
page read and write
419400294000
trusted library allocation
page read and write
25000401000
trusted library allocation
page read and write
59080175C000
trusted library allocation
page read and write
5908003A4000
trusted library allocation
page read and write
5908018A8000
trusted library allocation
page read and write
5908017A0000
trusted library allocation
page read and write
49F1000
heap
page read and write
590801134000
trusted library allocation
page read and write
4A10000
heap
page read and write
10D4000
heap
page read and write
5908010A8000
trusted library allocation
page read and write
78C800344000
trusted library allocation
page read and write
590800294000
trusted library allocation
page read and write
10AD000
stack
page read and write
78C800088000
trusted library allocation
page read and write
There are 1370 hidden memdumps, click here to show them.