IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsBAEHIEBGHD.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AFHDAKJKFCFBGCBGDHCBAFCAKE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\AFIDGDBGCAAFIDHIJKEH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\CGIEBAFHJJDBGCAKJJKF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EBFBFBFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\EHCFBFBAEBKJKEBGCAEH
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\JEHIJJKEGHJJKECBKECFIIDBKK
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KFIIJJJD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\14d8c38f-05ac-4f8a-92da-8f6bf3b002c2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2e0d1a4e-6d2c-40aa-a437-0f83feb1c37c.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3b9fed17-ebc3-4550-b6be-6b6d1b0fe9c1.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3fb1b316-42f7-47d0-8405-fb33f4448f6e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\61a1a764-bedf-4eed-a6a3-68cfbd9f9651.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\91b2005a-d1cb-4652-a63e-f354d5f86d26.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\fbbc84dd-801b-46dc-8a87-42cb79f85447.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E230D-1E44.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\07c09778-5f3f-46e5-bb98-5e1fb2cea3f7.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0e51d4cc-965b-418d-a8cd-5c9c533cfa90.tmp
ASCII text, with very long lines (17608), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\116f9d40-b123-443a-9c52-05f1f66a7d18.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\128afa37-6152-4098-8cf7-7f9b517daefa.tmp
ASCII text, with very long lines (17258), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\723db808-87cf-481a-8cf0-8e13877042da.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\76a97006-1174-4929-a18f-212f57c6c07a.tmp
ASCII text, with very long lines (17608), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\99e3a18d-7bf6-49f8-bb52-73e8dc9cc88e.tmp
ASCII text, with very long lines (17443), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\450f7fb7-d6bb-4150-a2b6-a474a5b3f332.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4eb14ff2-3044-42b7-96f5-8fd4ea03ffcc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\54026c71-88bc-482d-a534-52394a3e5ab5.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6d025a7f-c4fb-4a8b-9319-3b4f2fc8673e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ecbd8d4-6a2e-4c2b-8f70-6e791e85aeb8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4cd7e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3bd56.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3d301.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c9dbd2fa-21fa-42a0-a000-5c3d53ab6dc2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40115.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4293f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF462ec.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b9a7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3f9f1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF44216.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376599056117058
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\20a60e92-58d0-4891-ab49-ed8eeb1b9983.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3ad76fa5-a62b-4411-a06d-b395c3bc9cc9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3fcf97cd-2696-474a-802e-469b1668891f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3d301.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b7384738-31c5-4248-92b8-ef1f3f03108b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b3c81739-dac9-47aa-9d74-5216752ec4f8.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b9a9cccd-1349-4e6d-b84b-6f55af47388e.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d56de107-b5d4-4eb7-b187-dc6af64bdfd8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a73d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a74d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a912.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3cf76.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4150b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b988.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF518cf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b82b3833-b7db-4121-bb1a-b694651c29de.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\efd5c829-4604-4fff-bda8-41b28d728112.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1007721001\dc5edaf639.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\27ee6616-5531-43a0-865b-d07e5fbde27e.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\28ec87d1-a3ce-499e-a493-ee1862c4bb11.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\29028309-c421-41b9-9184-700f4842780d.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\6e84a571-9b0e-4430-8281-6c5e030038ad.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\ac1f07fc-631c-45dc-9fa7-0b9d39d2e0e7.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\c6ca8f15-03ea-4aeb-a033-66522c9e0584.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\e1d0665f-3913-44f4-bb59-1113fd6f9a6c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_1612770968\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_1612770968\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_1612770968\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_1612770968\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_1612770968\c6ca8f15-03ea-4aeb-a033-66522c9e0584.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7748_822109041\e1d0665f-3913-44f4-bb59-1113fd6f9a6c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 508
ASCII text, with very long lines (3513)
downloaded
Chrome Cache Entry: 509
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 510
ASCII text
downloaded
Chrome Cache Entry: 511
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 512
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 513
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2192,i,12616498222566698575,857865143827692260,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2272,i,8644300524140361366,6652659034351590865,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2036,i,11321964657895670609,3347667301527403325,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6656 --field-trial-handle=2036,i,11321964657895670609,3347667301527403325,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6812 --field-trial-handle=2036,i,11321964657895670609,3347667301527403325,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=2036,i,11321964657895670609,3347667301527403325,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=2036,i,11321964657895670609,3347667301527403325,262144 /prefetch:8
malicious
C:\Users\user\DocumentsBAEHIEBGHD.exe
"C:\Users\user\DocumentsBAEHIEBGHD.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6036 --field-trial-handle=2036,i,11321964657895670609,3347667301527403325,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsBAEHIEBGHD.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
page execute and read and write
6612000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
1D760000
heap
page read and write
11A0000
direct allocation
page read and write
11B4000
heap
page read and write
5120000
heap
page read and write
964000
heap
page read and write
A30000
direct allocation
page read and write
AC9000
unkown
page execute and read and write
6EC000
unkown
page execute and read and write
964000
heap
page read and write
1D71F000
heap
page read and write
52BF000
stack
page read and write
1D729000
heap
page read and write
4B31000
heap
page read and write
54EE000
stack
page read and write
964000
heap
page read and write
88CE000
stack
page read and write
11B4000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D4AD000
stack
page read and write
4CF1000
heap
page read and write
4A20000
direct allocation
page execute and read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
2C7E000
stack
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
363F000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
AB0000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
2DBE000
stack
page read and write
964000
heap
page read and write
626E000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
AFD000
heap
page read and write
964000
heap
page read and write
3CBE000
stack
page read and write
61ED0000
direct allocation
page read and write
964000
heap
page read and write
4B30000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
B33000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
11A0000
direct allocation
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
6CBD5000
unkown
page readonly
4B31000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
6CBCF000
unkown
page write copy
964000
heap
page read and write
4761000
heap
page read and write
1D09F000
stack
page read and write
117E000
stack
page read and write
965000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
A50000
direct allocation
page read and write
4761000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
11B4000
heap
page read and write
965000
heap
page read and write
4B31000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
113E000
stack
page read and write
4761000
heap
page read and write
965000
heap
page read and write
1D72B000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
1002000
unkown
page execute and read and write
4CF0000
heap
page read and write
A30000
direct allocation
page read and write
1D75A000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
B33000
heap
page read and write
23B01000
heap
page read and write
237E0000
heap
page read and write
23821000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
1298000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
5390000
direct allocation
page execute and read and write
1D713000
heap
page read and write
964000
heap
page read and write
86C000
unkown
page execute and read and write
D69000
unkown
page write copy
964000
heap
page read and write
4761000
heap
page read and write
4A20000
direct allocation
page execute and read and write
B01000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
A30000
direct allocation
page read and write
4CC0000
heap
page read and write
1277000
heap
page read and write
4761000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
1D21E000
stack
page read and write
964000
heap
page read and write
61EB4000
direct allocation
page read and write
5FEE000
stack
page read and write
313F000
stack
page read and write
964000
heap
page read and write
4761000
heap
page read and write
402E000
stack
page read and write
73B1000
heap
page read and write
964000
heap
page read and write
349F000
stack
page read and write
11B4000
heap
page read and write
4761000
heap
page read and write
B46000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4CE0000
direct allocation
page read and write
964000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4CF1000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
11B4000
heap
page read and write
964000
heap
page read and write
4A00000
direct allocation
page execute and read and write
4400000
direct allocation
page read and write
4B2F000
stack
page read and write
964000
heap
page read and write
5360000
direct allocation
page execute and read and write
417F000
stack
page read and write
4761000
heap
page read and write
4860000
trusted library allocation
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4B31000
heap
page read and write
1D752000
heap
page read and write
964000
heap
page read and write
A30000
direct allocation
page read and write
4761000
heap
page read and write
964000
heap
page read and write
73BE000
heap
page read and write
4CF1000
heap
page read and write
1D72F000
heap
page read and write
B2C000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D73C000
heap
page read and write
429E000
stack
page read and write
4761000
heap
page read and write
11B4000
heap
page read and write
964000
heap
page read and write
264E000
stack
page read and write
407E000
stack
page read and write
964000
heap
page read and write
4CE0000
direct allocation
page read and write
5160000
direct allocation
page execute and read and write
4A20000
direct allocation
page execute and read and write
4CF1000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
DB0000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
3C6E000
stack
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4B31000
heap
page read and write
39FF000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
ABE000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4FC0000
direct allocation
page read and write
4761000
heap
page read and write
ABD000
heap
page read and write
12FE000
stack
page read and write
C5E000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
CA8000
unkown
page execute and write copy
964000
heap
page read and write
43AF000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
1D752000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
1D745000
heap
page read and write
964000
heap
page read and write
4B7F000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
B36000
heap
page read and write
4B31000
heap
page read and write
1018000
unkown
page execute and read and write
4CE0000
direct allocation
page read and write
4CBF000
stack
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
950000
heap
page read and write
964000
heap
page read and write
35DF000
stack
page read and write
964000
heap
page read and write
ADF000
heap
page read and write
B0C000
unkown
page execute and write copy
964000
heap
page read and write
2EFE000
stack
page read and write
964000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
2B70000
direct allocation
page execute and read and write
DFB000
unkown
page execute and read and write
4CF1000
heap
page read and write
964000
heap
page read and write
AFD000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D72D000
heap
page read and write
29BF000
stack
page read and write
4761000
heap
page read and write
965000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
7238000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
6026000
heap
page read and write
964000
heap
page read and write
600000
heap
page read and write
964000
heap
page read and write
1D72F000
heap
page read and write
964000
heap
page read and write
12BD000
stack
page read and write
1D745000
heap
page read and write
D00000
unkown
page read and write
4761000
heap
page read and write
1D752000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
1D73C000
heap
page read and write
1D73F000
heap
page read and write
4C1C000
stack
page read and write
964000
heap
page read and write
965000
heap
page read and write
1D745000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
B2C000
heap
page read and write
63B000
stack
page read and write
9AE000
stack
page read and write
4761000
heap
page read and write
4A20000
direct allocation
page execute and read and write
586E000
stack
page read and write
964000
heap
page read and write
11B4000
heap
page read and write
964000
heap
page read and write
4A90000
direct allocation
page execute and read and write
4761000
heap
page read and write
11B4000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4B31000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
335F000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
325E000
stack
page read and write
4B31000
heap
page read and write
4761000
heap
page read and write
1214000
heap
page read and write
86A000
unkown
page write copy
139A000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4CE0000
direct allocation
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4A20000
direct allocation
page execute and read and write
964000
heap
page read and write
1D745000
heap
page read and write
4B31000
heap
page read and write
1D73B000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
B01000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
D6B000
unkown
page execute and read and write
964000
heap
page read and write
11A0000
direct allocation
page read and write
D00000
unkown
page readonly
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
2B70000
direct allocation
page execute and read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4D70000
direct allocation
page execute and read and write
367E000
stack
page read and write
1D745000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4A30000
direct allocation
page execute and read and write
33AE000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
4400000
direct allocation
page read and write
1D752000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4510000
trusted library allocation
page read and write
1D745000
heap
page read and write
82F000
stack
page read and write
1D737000
heap
page read and write
4761000
heap
page read and write
1D70E000
stack
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4CE0000
direct allocation
page read and write
610000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4411000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
5C4C000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
11B8000
unkown
page execute and write copy
353E000
stack
page read and write
1246000
unkown
page execute and read and write
3C2F000
stack
page read and write
43DE000
stack
page read and write
493E000
stack
page read and write
4D80000
direct allocation
page execute and read and write
4FC0000
direct allocation
page read and write
964000
heap
page read and write
964000
heap
page read and write
43EE000
stack
page read and write
4761000
heap
page read and write
58BE000
stack
page read and write
1288000
heap
page read and write
B2D000
heap
page read and write
4761000
heap
page read and write
4CF1000
heap
page read and write
4F80000
heap
page read and write
964000
heap
page read and write
1320000
heap
page read and write
4761000
heap
page read and write
2FDF000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
55EF000
stack
page read and write
1D758000
heap
page read and write
6C9F1000
unkown
page execute read
4761000
heap
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
3030000
heap
page read and write
964000
heap
page read and write
23AF9000
heap
page read and write
4761000
heap
page read and write
965000
heap
page read and write
4D40000
direct allocation
page execute and read and write
303E000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
4761000
heap
page read and write
4B31000
heap
page read and write
51E1000
direct allocation
page read and write
1285000
heap
page read and write
964000
heap
page read and write
636F000
stack
page read and write
964000
heap
page read and write
1D760000
heap
page read and write
964000
heap
page read and write
6CBD0000
unkown
page read and write
964000
heap
page read and write
93E000
stack
page read and write
964000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
1D73F000
heap
page read and write
964000
heap
page read and write
401E000
stack
page read and write
4761000
heap
page read and write
4B31000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
65F0000
heap
page read and write
4CF1000
heap
page read and write
4CF1000
heap
page read and write
4761000
heap
page read and write
2D7F000
stack
page read and write
AD7000
heap
page read and write
964000
heap
page read and write
D69000
unkown
page write copy
964000
heap
page read and write
52E0000
direct allocation
page execute and read and write
964000
heap
page read and write
964000
heap
page read and write
61ECD000
direct allocation
page readonly
38BF000
stack
page read and write
964000
heap
page read and write
4FF6000
direct allocation
page read and write
11B4000
heap
page read and write
1D73D000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D741000
heap
page read and write
964000
heap
page read and write
312E000
stack
page read and write
4761000
heap
page read and write
4D20000
direct allocation
page execute and read and write
964000
heap
page read and write
964000
heap
page read and write
1D737000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
D80000
direct allocation
page execute and read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
1288000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
D6B000
unkown
page execute and read and write
A30000
direct allocation
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
50A000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1CF5E000
stack
page read and write
6C9CD000
unkown
page readonly
964000
heap
page read and write
11B4000
heap
page read and write
DA0000
heap
page read and write
964000
heap
page read and write
1D737000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
B36000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4D50000
direct allocation
page execute and read and write
964000
heap
page read and write
4761000
heap
page read and write
238AD000
heap
page read and write
964000
heap
page read and write
DF9000
unkown
page write copy
439F000
stack
page read and write
4B31000
heap
page read and write
49EF000
stack
page read and write
2C3F000
stack
page read and write
4761000
heap
page read and write
327F000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
3EFF000
stack
page read and write
4761000
heap
page read and write
377F000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
FD3000
unkown
page execute and read and write
4761000
heap
page read and write
964000
heap
page read and write
1D73C000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
11A0000
direct allocation
page read and write
4901000
direct allocation
page read and write
964000
heap
page read and write
965000
heap
page read and write
1D745000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D752000
heap
page read and write
965000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D745000
heap
page read and write
3AEF000
stack
page read and write
4B31000
heap
page read and write
4761000
heap
page read and write
426F000
stack
page read and write
39EE000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
2D6E000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
4A2E000
stack
page read and write
4761000
heap
page read and write
11A0000
direct allocation
page read and write
965000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
D3C000
stack
page read and write
1D729000
heap
page read and write
11B4000
heap
page read and write
1D75A000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
3A3E000
stack
page read and write
964000
heap
page read and write
1D0DE000
stack
page read and write
4761000
heap
page read and write
4CF1000
heap
page read and write
339E000
stack
page read and write
1009000
unkown
page execute and read and write
23B01000
heap
page read and write
417F000
stack
page read and write
964000
heap
page read and write
1D73D000
heap
page read and write
326E000
stack
page read and write
1D710000
heap
page read and write
1D75D000
heap
page read and write
3FDF000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
621000
unkown
page execute and write copy
EFC000
unkown
page execute and read and write
4761000
heap
page read and write
D90000
unkown
page read and write
5B0D000
stack
page read and write
3C7F000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
1D73C000
heap
page read and write
23AFB000
heap
page read and write
4761000
heap
page read and write
AFD000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
11B4000
heap
page read and write
965000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
43FF000
stack
page read and write
965000
heap
page read and write
4A50000
direct allocation
page execute and read and write
4761000
heap
page read and write
964000
heap
page read and write
1D745000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
4CF1000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4B31000
heap
page read and write
964000
heap
page read and write
4B31000
heap
page read and write
4CF1000
heap
page read and write
4400000
direct allocation
page read and write
4CE0000
direct allocation
page read and write
2D9F000
stack
page read and write
4761000
heap
page read and write
13C000
stack
page read and write
10A8000
unkown
page execute and read and write
965000
heap
page read and write
DF2000
unkown
page execute and read and write
964000
heap
page read and write
964000
heap
page read and write
1D748000
heap
page read and write
965000
heap
page read and write
11B4000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
FD3000
unkown
page execute and read and write
2B90000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
4D90000
direct allocation
page execute and read and write
4B31000
heap
page read and write
964000
heap
page read and write
4D30000
direct allocation
page execute and read and write
964000
heap
page read and write
964000
heap
page read and write
52F0000
direct allocation
page execute and read and write
462F000
stack
page read and write
965000
heap
page read and write
4761000
heap
page read and write
4D1F000
stack
page read and write
1CF9E000
stack
page read and write
2EDE000
stack
page read and write
964000
heap
page read and write
4CF1000
heap
page read and write
964000
heap
page read and write
B2C000
heap
page read and write
416E000
stack
page read and write
4761000
heap
page read and write
964000
heap
page read and write
129F000
heap
page read and write
4CF1000
heap
page read and write
23800000
heap
page read and write
5300000
direct allocation
page execute and read and write
4761000
heap
page read and write
3B3F000
stack
page read and write
321F000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
38BF000
stack
page read and write
11B4000
heap
page read and write
964000
heap
page read and write
1D721000
heap
page read and write
34FF000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4A7E000
stack
page read and write
2AEF000
stack
page read and write
516C000
stack
page read and write
964000
heap
page read and write
5180000
direct allocation
page read and write
964000
heap
page read and write
137E000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
6A4000
unkown
page execute and read and write
964000
heap
page read and write
D62000
unkown
page execute and read and write
451E000
stack
page read and write
4A3F000
stack
page read and write
622F000
stack
page read and write
1D742000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
1D46D000
stack
page read and write
1D73C000
heap
page read and write
6C9F0000
unkown
page readonly
4761000
heap
page read and write
CA7000
unkown
page execute and read and write
23AF3000
heap
page read and write
5150000
direct allocation
page execute and read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
5350000
direct allocation
page execute and read and write
4CE0000
direct allocation
page read and write
4C41000
direct allocation
page read and write
4761000
heap
page read and write
4B46000
heap
page read and write
964000
heap
page read and write
37BE000
stack
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
42FE000
stack
page read and write
965000
heap
page read and write
4761000
heap
page read and write
3EEE000
stack
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
965000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4CF1000
heap
page read and write
4400000
direct allocation
page read and write
1D1DF000
stack
page read and write
1D760000
heap
page read and write
2F9F000
stack
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
11B4000
heap
page read and write
1D73C000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
964000
964000
heap
page read and write
4CE0000
direct allocation
page read and write
964000
heap
page read and write
964000
heap
page read and write
61ED3000
direct allocation
page read and write
964000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
96E000
stack
page read and write
2B80000
direct allocation
page execute and read and write
5180000
direct allocation
page read and write
89CE000
stack
page read and write
AD9000
heap
page read and write
4761000
heap
page read and write
964000
heap
page read and write
4761000
heap
page read and write
CA5000
heap
page read and write
964000
heap
page read and write
61E01000
direct allocation
page execute read
66F0000
heap
page read and write
964000
heap
page read and write
964000
heap
page read and write
260E000
stack
page read and write
964000
heap
page read and write
363F000
stack
page read and write
787000
unkown
page execute and read and write
4F84000
heap
page read and write
964000
heap
page read and write
5300000
direct allocation
page execute and read and write
965000
heap
page read and write
B25000
heap
page read and write
42FD000
stack
page read and write
6020000
heap
page read and write
There are 1994 hidden memdumps, click here to show them.