IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HI1BCF07\stealc_main1[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WDKI0JR2\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1007698001\stealc_main1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1007699001\2bb39d7142.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsKKJKFBKKEC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AAKKKEBFCGDBGDGCFHCBGIIIEB
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\AKJDGDGD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\BAECFCAA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DBKKKEHDHCBFIEBFBGIDGHJJJD
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EGHCAKKEGCAAFHJJJDBK
ASCII text, with very long lines (1765), with CRLF line terminators
dropped
C:\ProgramData\EGIDAAFIEHIEHJKFHCAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\GHJDHDAECBGCAKEBAEBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\13b8e49f-d4ac-40b9-94e5-1e716cca8959.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4bddcbf4-d047-49e7-a220-5e4950851406.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\586b4a07-62b5-49fc-9b07-a8932c19c443.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e2e15da-46b1-4657-b4de-d4564ebaecc5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8159d591-aab8-4884-8b3b-d07ed79943ea.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\92700e6c-fd28-4b61-bbde-ac926d90880a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9b6a45cd-77e7-4da3-bd5c-d9931140a662.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\0118a6dc-5f29-44be-8ce5-aebd5a07e6eb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E0551-1F5C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E0552-1DE0.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\07d04d2c-404b-4f1b-be80-212a6cf5a1d2.tmp
ASCII text, with very long lines (17281), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\115cf8eb-7fad-4293-9585-f053b01f3497.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\268225ea-ef85-43f2-9f7b-5cf6dd56ff26.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\596be6d5-9d9f-4080-8cde-39907a220d00.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\60c071b5-a28d-44f5-bef7-51979fe53de5.tmp
ASCII text, with very long lines (17115), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\76346b5b-8403-44f5-a0b2-57419a59a24c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\010455de-6d6a-465e-afdd-562c4d1fcb8d.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2f71b985-7e8c-4720-bed4-82b15c2f3e47.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3ad10340-c4e6-4af1-888b-da25cc5aafd5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3ecb084a-0f9e-4f4e-ac9a-66a98b815d7c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4ec2f0a6-878c-44f1-88a1-9946fa49a5cb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\78f603ea-f450-4231-88ca-6f2c64013f00.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3b566.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2a4c2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2bf2f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2eb8f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF330d5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3a605.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2e630.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF325f8.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376591445365942
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3cf4c099-6ac9-4003-8dfc-8242addff838.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3d8f60d8-d453-4aac-b34a-de6d064eb109.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8332e656-6980-40a0-8dc5-461451eeb0cb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2bf2f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e1ef4f9d-4dd4-433d-8cb5-c9e456e2db11.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cf249aec-9085-4f1a-98d8-8fb214287efd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cffa3312-ccda-4dc1-bb93-ec415f37847f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e88fe77d-9dce-43b7-93ce-8fec45fd7f82.tmp
ASCII text, with very long lines (17281), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29197.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF291a7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29512.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2bc32.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2f860.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a5c6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF40135.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b3f78dcd-4fb3-4029-97d5-60e7fca23c6b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4UK5I61J\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0b4486a0-3714-4b55-8c66-ee133a838a5a.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\551159e0-4cb1-45f4-814c-4c610b5c317a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\6ba84f6a-2dab-43f8-b95b-a8c50a033150.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\79fb0a5a-fe7d-4a03-be13-45559b19b061.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\7abe2a2b-f1bb-42bb-82c4-f88fb04bc6f3.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\bff0b4bb-5e6d-4357-b1e6-94b5f91d7e1d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cc752846-fe05-4588-a3fe-2c698d7632e8.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7648_167788646\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 14:50:35 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 14:50:34 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 14:50:34 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 14:50:35 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 14:50:34 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=1964,i,17461991951549720084,17036428689218554913,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2700 --field-trial-handle=2572,i,12105014856402712753,6797310360331818284,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=2084,i,570860231196187627,11256819945542102034,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6524 --field-trial-handle=2084,i,570860231196187627,11256819945542102034,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6844 --field-trial-handle=2084,i,570860231196187627,11256819945542102034,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKKJKFBKKEC.exe"
malicious
C:\Users\user\DocumentsKKJKFBKKEC.exe
"C:\Users\user\DocumentsKKJKFBKKEC.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6948 --field-trial-handle=2084,i,570860231196187627,11256819945542102034,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1007698001\stealc_main1.exe
"C:\Users\user\AppData\Local\Temp\1007698001\stealc_main1.exe"
malicious
C:\Users\user\AppData\Local\Temp\1007699001\2bb39d7142.exe
"C:\Users\user\AppData\Local\Temp\1007699001\2bb39d7142.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
304000
heap
page read and write
4A10000
direct allocation
page execute and read and write
2780000
heap
page read and write
1D90E000
heap
page read and write
48D0000
direct allocation
page read and write
1527000
heap
page read and write
BED000
stack
page read and write
1D8F1000
heap
page read and write
3F0000
unkown
page read and write
4B5F000
stack
page read and write
304000
heap
page read and write
305000
heap
page read and write
23A90000
trusted library allocation
page read and write
239FB000
heap
page read and write
4CC0000
direct allocation
page execute and read and write
ADE000
stack
page read and write
D40000
heap
page read and write
304000
heap
page read and write
28AE000
heap
page read and write
E16000
heap
page read and write
1D900000
heap
page read and write
1D61E000
stack
page read and write
28E0000
direct allocation
page read and write
1004000
heap
page read and write
5D0000
heap
page read and write
5400000
direct allocation
page execute and read and write
361F000
stack
page read and write
3E8E000
stack
page read and write
48E1000
heap
page read and write
48E1000
heap
page read and write
E0F000
heap
page read and write
304000
heap
page read and write
6A01000
heap
page read and write
1A6FE000
stack
page read and write
1004000
heap
page read and write
58BD000
stack
page read and write
61E00000
direct allocation
page execute and read and write
4B2E000
stack
page read and write
4F80000
direct allocation
page execute and read and write
2AA21000
heap
page read and write
359E000
stack
page read and write
51E000
stack
page read and write
304000
heap
page read and write
285E000
stack
page read and write
6A01000
heap
page read and write
A34000
heap
page read and write
3ACE000
stack
page read and write
1D90D000
heap
page read and write
F4E000
unkown
page execute and read and write
304000
heap
page read and write
1D8F5000
heap
page read and write
34DF000
stack
page read and write
1F0000
heap
page read and write
6A01000
heap
page read and write
15DE000
stack
page read and write
E0A000
heap
page read and write
8A0000
unkown
page readonly
96C000
unkown
page execute and read and write
4E01000
heap
page read and write
48E1000
heap
page read and write
304000
heap
page read and write
D25000
heap
page read and write
465F000
stack
page read and write
2AFF000
stack
page read and write
1D90E000
heap
page read and write
304000
heap
page read and write
6A01000
heap
page read and write
4470000
heap
page read and write
4EFF000
stack
page read and write
20CE000
stack
page read and write
405E000
stack
page read and write
1D8CD000
heap
page read and write
81F000
unkown
page read and write
2C3E000
stack
page read and write
A34000
heap
page read and write
4CBF000
stack
page read and write
420F000
stack
page read and write
424E000
stack
page read and write
7350000
heap
page read and write
6F5000
unkown
page execute and read and write
4C70000
direct allocation
page execute and read and write
5420000
direct allocation
page execute and read and write
304000
heap
page read and write
1004000
heap
page read and write
4B00000
direct allocation
page execute and read and write
3BEE000
stack
page read and write
9E0000
direct allocation
page read and write
53DF000
stack
page read and write
7110000
direct allocation
page execute and read and write
304000
heap
page read and write
4E01000
heap
page read and write
48E1000
heap
page read and write
48E1000
heap
page read and write
443F000
stack
page read and write
4EF0000
direct allocation
page execute and read and write
29CB000
heap
page read and write
1D8E8000
heap
page read and write
1490000
heap
page read and write
1D8F1000
heap
page read and write
305000
heap
page read and write
E2B000
heap
page read and write
3620000
direct allocation
page read and write
7B000
unkown
page execute and read and write
413F000
stack
page read and write
8B7000
unkown
page execute and write copy
47CE000
stack
page read and write
7120000
direct allocation
page execute and read and write
5430000
direct allocation
page execute and read and write
49D0000
direct allocation
page execute and read and write
4EF0000
direct allocation
page execute and read and write
4E01000
heap
page read and write
FBE000
stack
page read and write
9E0000
direct allocation
page read and write
D20000
heap
page read and write
E33000
heap
page read and write
2E7F000
stack
page read and write
1004000
heap
page read and write
55CF000
stack
page read and write
3E4F000
stack
page read and write
454E000
stack
page read and write
1004000
heap
page read and write
360F000
stack
page read and write
315000
unkown
page execute and read and write
A07000
unkown
page execute and read and write
68C0000
trusted library allocation
page read and write
1D8D7000
heap
page read and write
304000
heap
page read and write
304000
heap
page read and write
4EAF000
stack
page read and write
4CA0000
direct allocation
page execute and read and write
1D9EB000
heap
page read and write
2ECE000
stack
page read and write
304000
heap
page read and write
6A01000
heap
page read and write
1D90A000
heap
page read and write
48E1000
heap
page read and write
428F000
stack
page read and write
453E000
stack
page read and write
7110000
direct allocation
page execute and read and write
304000
heap
page read and write
167A000
unkown
page execute and read and write
FC0000
heap
page read and write
4E01000
heap
page read and write
585E000
stack
page read and write
D62000
unkown
page execute and read and write
B10000
direct allocation
page read and write
468E000
stack
page read and write
D93000
unkown
page execute and read and write
459000
unkown
page write copy
23A90000
trusted library allocation
page read and write
4E06000
heap
page read and write
4471000
heap
page read and write
770000
unkown
page readonly
2CCF000
stack
page read and write
1004000
heap
page read and write
304000
heap
page read and write
3E3F000
stack
page read and write
2D3F000
stack
page read and write
1D8CF000
heap
page read and write
365E000
stack
page read and write
1D75D000
stack
page read and write
1004000
heap
page read and write
342F000
stack
page read and write
304000
heap
page read and write
38DE000
stack
page read and write
A34000
heap
page read and write
48E1000
heap
page read and write
48E1000
heap
page read and write
1D8FA000
heap
page read and write
2EB000
unkown
page execute and read and write
45B000
unkown
page execute and read and write
3D4E000
stack
page read and write
48E1000
heap
page read and write
3620000
direct allocation
page read and write
48E1000
heap
page read and write
7110000
direct allocation
page execute and read and write
1D8F1000
heap
page read and write
1D906000
heap
page read and write
11000
unkown
page execute and write copy
315E000
heap
page read and write
48F0000
direct allocation
page read and write
D8C000
unkown
page execute and read and write
6A01000
heap
page read and write
4450000
heap
page read and write
6217000
heap
page read and write
7110000
direct allocation
page execute and read and write
BAE000
stack
page read and write
3C9E000
stack
page read and write
49A0000
direct allocation
page execute and read and write
1D8F1000
heap
page read and write
4E01000
heap
page read and write
5F9E000
stack
page read and write
304000
heap
page read and write
A34000
heap
page read and write
304000
heap
page read and write
463F000
stack
page read and write
304000
heap
page read and write
48E1000
heap
page read and write
171E000
stack
page read and write
4350000
heap
page read and write
6A01000
heap
page read and write
4E01000
heap
page read and write
71B0000
direct allocation
page execute and read and write
1193000
unkown
page execute and read and write
4661000
heap
page read and write
4A80000
direct allocation
page execute and read and write
7180000
direct allocation
page execute and read and write
1D90B000
heap
page read and write
34FE000
stack
page read and write
7B000
unkown
page execute and read and write
4D00000
heap
page read and write
304000
heap
page read and write
432F000
stack
page read and write
363E000
stack
page read and write
4951000
direct allocation
page read and write
3DCE000
stack
page read and write
1430000
heap
page read and write
1D8E7000
heap
page read and write
304000
heap
page read and write
12F8000
stack
page read and write
48E1000
heap
page read and write
924000
unkown
page execute and read and write
2A8F000
stack
page read and write
4D7000
unkown
page execute and write copy
491E000
stack
page read and write
3F1000
unkown
page execute and write copy
1D8D6000
heap
page read and write
A34000
heap
page read and write
3140000
direct allocation
page read and write
5D0000
heap
page read and write
26BF000
stack
page read and write
1D9E0000
trusted library allocation
page read and write
E5F000
heap
page read and write
AD8000
unkown
page execute and read and write
6A01000
heap
page read and write
1D8F1000
heap
page read and write
AEC000
unkown
page execute and read and write
4C70000
direct allocation
page execute and read and write
331000
unkown
page execute and write copy
4A1F000
stack
page read and write
11DF000
stack
page read and write
6A01000
heap
page read and write
71D0000
direct allocation
page execute and read and write
6CBB1000
unkown
page execute read
34CF000
stack
page read and write
304000
heap
page read and write
304000
heap
page read and write
3BAF000
stack
page read and write
1D8CE000
heap
page read and write
1D8F1000
heap
page read and write
3C3F000
stack
page read and write
1D8D7000
heap
page read and write
3AFF000
stack
page read and write
A34000
heap
page read and write
1D8F5000
heap
page read and write
1587000
unkown
page execute and read and write
1D8E3000
heap
page read and write
D4A000
heap
page read and write
4E01000
heap
page read and write
3C4F000
stack
page read and write
E3E000
heap
page read and write
DB2000
heap
page read and write
414F000
stack
page read and write
28E0000
direct allocation
page read and write
3620000
direct allocation
page read and write
561D000
stack
page read and write
305000
heap
page read and write
304000
heap
page read and write
304000
heap
page read and write
48E1000
heap
page read and write
158B000
unkown
page execute and read and write
35AE000
stack
page read and write
375F000
stack
page read and write
304000
heap
page read and write
304000
heap
page read and write
AEA000
unkown
page read and write
39BF000
stack
page read and write
389F000
stack
page read and write
48E1000
heap
page read and write
492F000
stack
page read and write
4D20000
heap
page read and write
48D0000
direct allocation
page read and write
1D8F1000
heap
page read and write
304000
heap
page read and write
DC1000
heap
page read and write
6E90000
direct allocation
page read and write
6A01000
heap
page read and write
3C7D000
stack
page read and write
48E1000
heap
page read and write
304000
heap
page read and write
106F000
stack
page read and write
304000
heap
page read and write
30FF000
stack
page read and write
48E1000
heap
page read and write
23DB7000
heap
page read and write
61E01000
direct allocation
page execute read
4E01000
heap
page read and write
48D0000
direct allocation
page read and write
332E000
stack
page read and write
6A01000
heap
page read and write
7160000
direct allocation
page execute and read and write
4E01000
heap
page read and write
33BE000
stack
page read and write
517E000
stack
page read and write
40AF000
stack
page read and write
304000
heap
page read and write
9E0000
direct allocation
page read and write
47F0000
direct allocation
page read and write
1D8E6000
heap
page read and write
A34000
heap
page read and write
304000
heap
page read and write
4F90000
direct allocation
page execute and read and write
49F0000
direct allocation
page execute and read and write
4F70000
direct allocation
page execute and read and write
304000
heap
page read and write
4C60000
direct allocation
page execute and read and write
1004000
heap
page read and write
11000
unkown
page execute and write copy
330000
unkown
page execute and write copy
BC4000
heap
page read and write
5C40000
heap
page read and write
351E000
stack
page read and write
3B0F000
stack
page read and write
463F000
stack
page read and write
11000
unkown
page execute and write copy
48E1000
heap
page read and write
96E000
stack
page read and write
304000
heap
page read and write
4760000
trusted library allocation
page read and write
50EE000
stack
page read and write
3F0000
unkown
page readonly
48E1000
heap
page read and write
6AB000
heap
page read and write
1004000
heap
page read and write
4B51000
direct allocation
page read and write
1004000
heap
page read and write
3D8F000
stack
page read and write
1D8D6000
heap
page read and write
273E000
stack
page read and write
3A8F000
stack
page read and write
E0F000
heap
page read and write
4E01000
heap
page read and write
6A01000
heap
page read and write
1D90E000
heap
page read and write
6A01000
heap
page read and write
2FFE000
stack
page read and write
4AD0000
direct allocation
page execute and read and write
4AC0000
direct allocation
page execute and read and write
7B000
unkown
page execute and read and write
CFE000
stack
page read and write
B10000
direct allocation
page read and write
5E2C000
stack
page read and write
D4E000
heap
page read and write
6CD8E000
unkown
page read and write
6A01000
heap
page read and write
DE0000
heap
page read and write
398E000
stack
page read and write
418E000
stack
page read and write
1D8D5000
heap
page read and write
1D8ED000
heap
page read and write
657F000
stack
page read and write
48E1000
heap
page read and write
67BF000
stack
page read and write
14AA000
heap
page read and write
4F3E000
stack
page read and write
28A0000
heap
page read and write
2D7E000
stack
page read and write
4F60000
direct allocation
page execute and read and write
60FF000
stack
page read and write
48E1000
heap
page read and write
1D8D7000
heap
page read and write
4E01000
heap
page read and write
325F000
stack
page read and write
3140000
direct allocation
page read and write
304000
heap
page read and write
4351000
heap
page read and write
61ECD000
direct allocation
page readonly
167B000
unkown
page execute and write copy
4F0000
heap
page read and write
DE0000
heap
page read and write
304000
heap
page read and write
330000
unkown
page execute and read and write
E14000
heap
page read and write
304000
heap
page read and write
69FF000
stack
page read and write
7A7000
unkown
page write copy
6A01000
heap
page read and write
4E01000
heap
page read and write
A34000
heap
page read and write
1D90E000
heap
page read and write
6A01000
heap
page read and write
304000
heap
page read and write
304000
heap
page read and write
1004000
heap
page read and write
1D906000
heap
page read and write
1D8F1000
heap
page read and write
4C70000
direct allocation
page execute and read and write
19B000
stack
page read and write
348E000
stack
page read and write
277E000
stack
page read and write
10000
unkown
page read and write
334E000
stack
page read and write
12F1000
unkown
page execute and read and write
D9E000
heap
page read and write
4B9E000
stack
page read and write
FEC000
stack
page read and write
48E1000
heap
page read and write
29BE000
stack
page read and write
1004000
heap
page read and write
12FE000
stack
page read and write
D90000
heap
page read and write
6A01000
heap
page read and write
6A01000
heap
page read and write
E33000
heap
page read and write
4F20000
direct allocation
page execute and read and write
4970000
direct allocation
page execute and read and write
404E000
stack
page read and write
4E01000
heap
page read and write
B10000
direct allocation
page read and write
28E0000
direct allocation
page read and write
304000
heap
page read and write
583E000
stack
page read and write
394F000
stack
page read and write
9CE000
stack
page read and write
4A5E000
stack
page read and write
42CE000
stack
page read and write
396E000
stack
page read and write
304000
heap
page read and write
39DF000
stack
page read and write
71C0000
direct allocation
page execute and read and write
1D900000
heap
page read and write
2A91C000
stack
page read and write
12EA000
unkown
page execute and read and write
D86000
heap
page read and write
1D8F1000
heap
page read and write
48E1000
heap
page read and write
79000
unkown
page write copy
9E0000
direct allocation
page read and write
304000
heap
page read and write
304000
heap
page read and write
4E01000
heap
page read and write
3EBF000
stack
page read and write
28E0000
direct allocation
page read and write
4980000
direct allocation
page execute and read and write
4970000
direct allocation
page execute and read and write
304000
heap
page read and write
4D0000
heap
page read and write
7B000
unkown
page execute and read and write
28D0000
heap
page read and write
288F000
stack
page read and write
6A01000
heap
page read and write
4C40000
direct allocation
page execute and read and write
1D5DF000
stack
page read and write
4DE0000
heap
page read and write
CFE000
stack
page read and write
4E01000
heap
page read and write
955000
unkown
page execute and read and write
9E0000
direct allocation
page read and write
330000
unkown
page execute and read and write
1D8F1000
heap
page read and write
4CE0000
direct allocation
page execute and read and write
61ED0000
direct allocation
page read and write
4E01000
heap
page read and write
4E01000
heap
page read and write
862B000
stack
page read and write
30CE000
stack
page read and write
7110000
direct allocation
page execute and read and write
48CF000
stack
page read and write
209000
unkown
page execute and read and write
459000
unkown
page write copy
10000
unkown
page readonly
9E0000
direct allocation
page read and write
3637000
heap
page read and write
4E01000
heap
page read and write
4D70000
direct allocation
page read and write
9C000
stack
page read and write
570000
heap
page read and write
9A8000
unkown
page read and write
43DF000
stack
page read and write
E2E000
heap
page read and write
304000
heap
page read and write
7140000
direct allocation
page execute and read and write
FF0000
heap
page read and write
3B4E000
stack
page read and write
79000
unkown
page write copy
2D4F000
stack
page read and write
4D5000
unkown
page execute and read and write
3EDF000
stack
page read and write
304000
heap
page read and write
E3A000
heap
page read and write
6A01000
heap
page read and write
304000
heap
page read and write
28E0000
direct allocation
page read and write
575000
heap
page read and write
304000
heap
page read and write
11000
unkown
page execute and write copy
48D0000
direct allocation
page read and write
A34000
heap
page read and write
5440000
direct allocation
page execute and read and write
1004000
heap
page read and write
304000
heap
page read and write
6A00000
heap
page read and write
44FF000
stack
page read and write
378E000
stack
page read and write
4D7000
unkown
page execute and write copy
1004000
heap
page read and write
9E0000
direct allocation
page read and write
48E1000
heap
page read and write
3B5E000
stack
page read and write
304000
heap
page read and write
300E000
stack
page read and write
3140000
direct allocation
page read and write
3150000
heap
page read and write
EB6000
heap
page read and write
1004000
heap
page read and write
304000
heap
page read and write
304000
heap
page read and write
1A7FF000
stack
page read and write
4970000
direct allocation
page execute and read and write
29C7000
heap
page read and write
344F000
stack
page read and write
72000
unkown
page execute and read and write
2AAF000
stack
page read and write
1004000
heap
page read and write
1004000
heap
page read and write
4A2F000
stack
page read and write
30FF000
stack
page read and write
30AE000
stack
page read and write
6A01000
heap
page read and write
4A60000
direct allocation
page execute and read and write
1A6BF000
stack
page read and write
4E01000
heap
page read and write
40CF000
stack
page read and write
8B5000
unkown
page execute and read and write
4640000
heap
page read and write
9BA000
unkown
page readonly
4E01000
heap
page read and write
23DBF000
heap
page read and write
1A57F000
stack
page read and write
613E000
stack
page read and write
7100000
direct allocation
page execute and read and write
1004000
heap
page read and write
48E1000
heap
page read and write
2EB000
unkown
page execute and read and write
373F000
stack
page read and write
304000
heap
page read and write
E33000
heap
page read and write
23AD0000
heap
page read and write
7250000
heap
page read and write
B0E000
stack
page read and write
1D8CF000
heap
page read and write
5D50000
heap
page read and write
10000
unkown
page readonly
65A000
heap
page read and write
3630000
heap
page read and write
5EBF000
stack
page read and write
575E000
stack
page read and write
304000
heap
page read and write
BE1000
unkown
page execute and read and write
289E000
stack
page read and write
392F000
stack
page read and write
61ECC000
direct allocation
page read and write
304000
heap
page read and write
3B1F000
stack
page read and write
28E0000
direct allocation
page read and write
2E4E000
stack
page read and write
4E01000
heap
page read and write
3140000
direct allocation
page read and write
300000
heap
page read and write
52C6000
direct allocation
page read and write
306F000
stack
page read and write
304000
heap
page read and write
673E000
stack
page read and write
E0F000
heap
page read and write
4E01000
heap
page read and write
304000
heap
page read and write
4F00000
trusted library allocation
page read and write
4F30000
direct allocation
page execute and read and write
1D8F1000
heap
page read and write
4970000
direct allocation
page execute and read and write
3D2E000
stack
page read and write
3140000
direct allocation
page read and write
51EF000
stack
page read and write
E02000
heap
page read and write
4AA0000
direct allocation
page execute and read and write
3620000
direct allocation
page read and write
E0A000
heap
page read and write
1D90E000
heap
page read and write
EA9000
heap
page read and write
6A01000
heap
page read and write
BE0000
unkown
page readonly
48E0000
heap
page read and write
40EE000
stack
page read and write
DE0000
heap
page read and write
872C000
stack
page read and write
304000
heap
page read and write
6228000
heap
page read and write
6CD90000
unkown
page read and write
E33000
heap
page read and write
E79000
heap
page read and write
6CB9E000
unkown
page read and write
6A01000
heap
page read and write
4E01000
heap
page read and write
5D3E000
stack
page read and write
410E000
stack
page read and write
304000
heap
page read and write
1004000
heap
page read and write
6A01000
heap
page read and write
304000
heap
page read and write
4990000
direct allocation
page execute and read and write
4E01000
heap
page read and write
7FE000
unkown
page read and write
48D0000
direct allocation
page read and write
1D8EA000
heap
page read and write
B10000
direct allocation
page read and write