IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsFHJKKECFIE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AKFHDBFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\AKFHDBFIDAECAAAKEGDA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\AKKKFBGDHJKFHJJJJDGC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BKKKFCFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\DGDHJEGIEBFHDGDGHDHIEBKFHD
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EGIDAAFIEHIEHJKFHCAEGCBFHJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KFBGCAKFHCFHJKECFIID
ASCII text, with very long lines (1769), with CRLF line terminators
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\17af10ab-15da-402a-8fb1-b97fd0a68ad9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1a2248f8-51cb-4f65-a4b1-c95ed0de34a4.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\73ab8156-c481-4037-b048-76cec3679d94.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9402e034-16f6-46c3-b2cf-78d8c28312ca.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\b5602f85-ebe3-4bb2-a52b-29015303af4c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E5ED7-1B70.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E5ED8-1418.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0c3f5248-cb59-400b-8bec-b2d452e16910.tmp
Unicode text, UTF-8 text, with very long lines (17075), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1b6ffe30-3a18-415b-810c-667c0ba7d4b3.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\29a6a460-5fbd-4d4d-8d5b-3322a5db283e.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3c823ee0-9d37-4720-b119-eff1c12bb493.tmp
Unicode text, UTF-8 text, with very long lines (17425), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6d49b9f3-51cc-4c99-9112-63f1bbab3884.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9dff5801-5269-4445-8385-05c0c2609dfe.tmp
Unicode text, UTF-8 text, with very long lines (17260), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\128111f0-c152-4c7b-8f1c-6f4aab452da7.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1b4aec1e-0c56-4935-80d4-d2035d99056b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF277a7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF28fe2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a9440ec7-7ce5-4f83-a366-33dca376a0c5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f1e9eabe-e5fd-45cc-a399-44ed16ac5807.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f55e27ef-b27b-4194-8f76-5a5dcd2616c0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2bef1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e610.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF319f2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3781f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2b6e2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2ff26.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376614363026006
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\08d9ec29-8633-431b-834a-504129e14667.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\34481f55-e056-46cd-bec1-5c60b6186c31.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\47b17e9c-14ec-4b36-abf5-59b5f6e1d930.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF28fe2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aadfe7b2-ece2-49cb-a16e-83363f19f09a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b82f4122-65f2-49e2-bb7d-9b930baee068.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\dfa58898-a6d1-4b95-a83f-b2584ce56e48.tmp
Unicode text, UTF-8 text, with very long lines (17425), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f54c125a-f5cd-4253-8b01-7fc94f289ca5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26538.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF26557.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF266bf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28da0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2dac6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3782f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3d264.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b7ad27b3-6014-4913-822e-35af74ecd894.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c8e96c79-c75c-4439-86d8-dbededbf8a18.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dd6b8e0c-ae65-44af-9298-bf4831f05977.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f0c16e03-9d90-4f78-b610-f91dede6e37b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0acdd2da-f696-479d-b5dc-1413c74647e0.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\2f3ebe29-ce86-4e4e-b4c4-49980a46341b.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\374b45d5-902f-4f6a-bcb6-23d0757272ec.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\3d21e51e-e2d9-4d15-b4ef-e2d7a61dbe39.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\3e35b20f-4a02-4d01-868d-9f587c54ae37.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\9d67ac9b-1656-4f99-806d-a975d2332d84.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\e04ada0c-0d65-4537-aa92-72638ae1b819.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\0acdd2da-f696-479d-b5dc-1413c74647e0.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_2118300560\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_472953999\2f3ebe29-ce86-4e4e-b4c4-49980a46341b.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_472953999\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_472953999\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_472953999\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5144_472953999\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 433
ASCII text, with very long lines (4943)
downloaded
Chrome Cache Entry: 434
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 435
ASCII text
downloaded
Chrome Cache Entry: 436
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 437
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 438
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2224,i,15428073326921430912,4792700764699708340,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2188,i,8283749054754101398,9414593298289081245,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2460,i,9054009632194455587,10742817590129212962,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6672 --field-trial-handle=2460,i,9054009632194455587,10742817590129212962,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6884 --field-trial-handle=2460,i,9054009632194455587,10742817590129212962,262144 /prefetch:8
malicious
C:\Users\user\DocumentsFHJKKECFIE.exe
"C:\Users\user\DocumentsFHJKKECFIE.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6880 --field-trial-handle=2460,i,9054009632194455587,10742817590129212962,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHJKKECFIE.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732140782742&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.11
https://duckduckgo.com/chrome_newtab
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732140783607&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.11
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
http://185.215.113.43/Zu7JuNko/index.phpncoded
unknown
https://sb.scorecardresearch.com/
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/c4becf79229cb002.phpation
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
http://185.215.113.206s.exe
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
172.217.21.36
https://i.y.qq.com/n2/m/index.html
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dllz
unknown
https://drive-daily-2.corp.google.com/
unknown
http://185.215.113.206g
unknown
https://drive-daily-4.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php&
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dllk
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://drive-daily-5.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.phpZo
unknown
http://185.215.113.206/c4becf79229cb002.php6
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://chromewebstore.google.com/
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll$
unknown
http://185.215.113.43/Zu7JuNko/index.phpk3
unknown
https://bard.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732140775642&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.11
https://assets.msn.cn/resolver/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732140782745&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.11
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
http://185.215.113.43/Zu7JuNko/index.php3jf
unknown
http://185.215.113.43/Zu7JuNko/index.phpT
unknown
https://m.kugou.com/
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
http://185.215.113.206/c4becf79229cb002.phpb
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
142.250.181.65
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
https://c.msn.com/c.gif?rnd=1732140775644&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e960d3386b8642dbb8e622514e00b247&activityId=e960d3386b8642dbb8e622514e00b247&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=2947A454840A4FD09991B5E1B311CF6E&MUID=3E320C721BF96C1208BE194F1A9E6DEF
20.110.205.119
https://powerpoint.new?from=EdgeM365Shoreline
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://tidal.com/
unknown
https://ntp.msn.com
unknown
http://185.215.113.43/Zu7JuNko/index.phpQ
unknown
https://browser.events.data.msn.cn/
unknown
https://c.msn.com/c.gif?rnd=1732140775644&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e960d3386b8642dbb8e622514e00b247&activityId=e960d3386b8642dbb8e622514e00b247&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.110.205.119
http://185.215.113.206/c4becf79229cb002.phpz
unknown
https://gaana.com/
unknown

Domains

Name
IP
Malicious
s-part-0012.t-0009.t-msedge.net
13.107.246.40
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
142.250.181.110
play.google.com
172.217.19.206
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.106
www.google.com
172.217.21.36
googlehosted.l.googleusercontent.com
142.250.181.65
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
assets2.msn.com
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.7
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
20.25.227.174
unknown
United States
13.107.246.40
s-part-0012.t-0009.t-msedge.net
United States
23.96.180.189
unknown
United States
18.165.220.106
sb.scorecardresearch.com
United States
23.49.251.21
unknown
United States
142.250.181.110
plus.l.google.com
United States
20.189.173.11
unknown
United States
104.126.116.98
unknown
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
23.219.82.91
unknown
United States
104.117.182.41
unknown
United States
104.126.116.8
unknown
United States
172.217.21.36
www.google.com
United States
20.110.205.119
unknown
United States
23.55.235.251
unknown
United States
204.79.197.219
unknown
United States
142.250.181.65
googlehosted.l.googleusercontent.com
United States
18.173.219.40
unknown
United States
172.64.41.3
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197726
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197726
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197726
WindowTabManagerFileMappingId

Memdumps

Base Address
Regiontype
Protect
Malicious
4C51000
heap
page read and write
4831000
heap
page read and write
8A8C000
stack
page read and write
10E4000
heap
page read and write
450E000
stack
page read and write
583C000
stack
page read and write
12B6000
heap
page read and write
AA8000
unkown
page execute and read and write
23509000
heap
page read and write
FB0000
direct allocation
page read and write
12B6000
heap
page read and write
10E4000
heap
page read and write
5A7E000
stack
page read and write
10E4000
heap
page read and write
FB0000
direct allocation
page read and write
5BEF000
stack
page read and write
4C51000
heap
page read and write
10E4000
heap
page read and write
46EF000
stack
page read and write
1D412000
heap
page read and write
388E000
stack
page read and write
4930000
trusted library allocation
page read and write
AA4000
heap
page read and write
4B4E000
stack
page read and write
100000
unkown
page read and write
4F50000
direct allocation
page execute and read and write
1334000
heap
page read and write
14AE000
stack
page read and write
10E4000
heap
page read and write
4831000
heap
page read and write
1334000
heap
page read and write
3F4000
heap
page read and write
4831000
heap
page read and write
10E4000
heap
page read and write
29FF000
stack
page read and write
12EE000
stack
page read and write
4FF0000
direct allocation
page execute and read and write
1334000
heap
page read and write
2DBF000
stack
page read and write
10E4000
heap
page read and write
1D439000
heap
page read and write
4FA0000
direct allocation
page execute and read and write
5BA000
unkown
page execute and write copy
446F000
stack
page read and write
464E000
stack
page read and write
105C000
stack
page read and write
1334000
heap
page read and write
1D42B000
heap
page read and write
4831000
heap
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
4F70000
direct allocation
page execute and read and write
4C70000
heap
page read and write
7480000
heap
page read and write
1D454000
heap
page read and write
4F30000
direct allocation
page execute and read and write
1CD9E000
stack
page read and write
5131000
direct allocation
page read and write
12B3000
heap
page read and write
1334000
heap
page read and write
432F000
stack
page read and write
EFD000
stack
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
12A0000
heap
page read and write
10E5000
heap
page read and write
263F000
stack
page read and write
10E4000
heap
page read and write
4F2F000
stack
page read and write
4C51000
heap
page read and write
1334000
heap
page read and write
303F000
stack
page read and write
36EE000
stack
page read and write
637E000
stack
page read and write
31EF000
stack
page read and write
357E000
stack
page read and write
1D43F000
heap
page read and write
3F4000
heap
page read and write
443F000
stack
page read and write
B80000
direct allocation
page read and write
1D445000
heap
page read and write
417000
unkown
page execute and read and write
12DD000
heap
page read and write
8F7000
unkown
page execute and read and write
7600000
heap
page read and write
3F3F000
stack
page read and write
14C0000
direct allocation
page read and write
1334000
heap
page read and write
700C0000
unkown
page readonly
1D30E000
stack
page read and write
12BA000
heap
page read and write
1334000
heap
page read and write
13EA000
unkown
page execute and read and write
44AE000
stack
page read and write
30AE000
stack
page read and write
1D42B000
heap
page read and write
3F4000
heap
page read and write
1D444000
heap
page read and write
3F6F000
stack
page read and write
5270000
direct allocation
page execute and read and write
4DEF000
stack
page read and write
10E5000
heap
page read and write
3F4000
heap
page read and write
45EE000
stack
page read and write
4831000
heap
page read and write
FC7000
heap
page read and write
12B0000
heap
page read and write
4F70000
direct allocation
page execute and read and write
4961000
heap
page read and write
4F40000
direct allocation
page execute and read and write
1127000
unkown
page execute and read and write
234A0000
heap
page read and write
1D43F000
heap
page read and write
10E4000
heap
page read and write
B80000
direct allocation
page read and write
10E4000
heap
page read and write
11B0000
direct allocation
page read and write
1334000
heap
page read and write
10E4000
heap
page read and write
40EE000
stack
page read and write
4CEB000
stack
page read and write
659000
unkown
page write copy
FB0000
direct allocation
page read and write
2351B000
heap
page read and write
10E4000
heap
page read and write
4847000
heap
page read and write
6230000
heap
page read and write
11B0000
direct allocation
page read and write
10E5000
heap
page read and write
1D444000
heap
page read and write
6CDE1000
unkown
page execute read
4831000
heap
page read and write
10E4000
heap
page read and write
1227000
heap
page read and write
2CBE000
stack
page read and write
2DE7000
heap
page read and write
4831000
heap
page read and write
1D43B000
heap
page read and write
10E4000
heap
page read and write
B37000
heap
page read and write
4C51000
heap
page read and write
10E4000
heap
page read and write
392F000
stack
page read and write
23521000
heap
page read and write
7488000
heap
page read and write
3BEE000
stack
page read and write
41BF000
stack
page read and write
100000
unkown
page readonly
52C0000
direct allocation
page execute and read and write
B80000
direct allocation
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
BBF000
stack
page read and write
61E01000
direct allocation
page execute read
3F0000
heap
page read and write
3F4000
heap
page read and write
1D43A000
heap
page read and write
48D0000
direct allocation
page read and write
438F000
stack
page read and write
10E4000
heap
page read and write
3AAE000
stack
page read and write
4F60000
direct allocation
page execute and read and write
1D430000
heap
page read and write
6CDE0000
unkown
page readonly
10E4000
heap
page read and write
1D460000
heap
page read and write
D51000
unkown
page execute and write copy
10E4000
heap
page read and write
1D441000
heap
page read and write
36EE000
stack
page read and write
10E4000
heap
page read and write
51A4000
heap
page read and write
32BF000
stack
page read and write
10E4000
heap
page read and write
4C60000
heap
page read and write
100000
unkown
page read and write
2DFE000
stack
page read and write
12C7000
heap
page read and write
234A0000
trusted library allocation
page read and write
3E2F000
stack
page read and write
10E4000
heap
page read and write
4831000
heap
page read and write
8C2000
unkown
page execute and read and write
10E4000
heap
page read and write
FB0000
direct allocation
page read and write
1D43B000
heap
page read and write
14C0000
direct allocation
page read and write
1D444000
heap
page read and write
1D460000
heap
page read and write
460F000
stack
page read and write
4A50000
direct allocation
page execute and read and write
307E000
stack
page read and write
10E4000
heap
page read and write
4C51000
heap
page read and write
152B000
heap
page read and write
1335000
heap
page read and write
10E4000
heap
page read and write
5F0000
unkown
page read and write
234A0000
trusted library allocation
page read and write
16B000
unkown
page execute and read and write
61ED3000
direct allocation
page read and write
3CEF000
stack
page read and write
37FE000
stack
page read and write
39CE000
stack
page read and write
2356A000
heap
page read and write
10E4000
heap
page read and write
4971000
heap
page read and write
10E4000
heap
page read and write
1334000
heap
page read and write
3F4000
heap
page read and write
4831000
heap
page read and write
3F4000
heap
page read and write
B30000
heap
page read and write
1CC5E000
stack
page read and write
35AE000
stack
page read and write
10CE000
stack
page read and write
6F7000
stack
page read and write
FB0000
direct allocation
page read and write
4831000
heap
page read and write
10E4000
heap
page read and write
48CE000
stack
page read and write
10E4000
heap
page read and write
2A4E1000
heap
page read and write
3F4000
heap
page read and write
4FB0000
direct allocation
page execute and read and write
32FE000
stack
page read and write
1D410000
heap
page read and write
14C0000
direct allocation
page read and write
929000
heap
page read and write
10E4000
heap
page read and write
2DBF000
stack
page read and write
3D0000
heap
page read and write
112E000
stack
page read and write
4831000
heap
page read and write
75F0000
heap
page read and write
12DD000
heap
page read and write
422E000
stack
page read and write
4831000
heap
page read and write
41BF000
stack
page read and write
BBA000
heap
page read and write
2360E000
stack
page read and write
554F000
stack
page read and write
1D43E000
heap
page read and write
1D43F000
heap
page read and write
FB0000
direct allocation
page read and write
3D2000
unkown
page execute and read and write
2D2F000
stack
page read and write
687E000
stack
page read and write
10E4000
heap
page read and write
4C51000
heap
page read and write
4E2E000
stack
page read and write
41FE000
stack
page read and write
1D443000
heap
page read and write
11B0000
direct allocation
page read and write
3D8E000
stack
page read and write
12B0000
heap
page read and write
1D416000
heap
page read and write
37FE000
stack
page read and write
1D454000
heap
page read and write
1334000
heap
page read and write
12A2000
heap
page read and write
3A6F000
stack
page read and write
3047000
heap
page read and write
3BAF000
stack
page read and write
3F4000
heap
page read and write
1D42B000
heap
page read and write
1D454000
heap
page read and write
1D454000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
306F000
stack
page read and write
10E4000
heap
page read and write
4971000
heap
page read and write
23563000
heap
page read and write
5090000
heap
page read and write
AA4000
heap
page read and write
AA4000
heap
page read and write
4960000
heap
page read and write
10E4000
heap
page read and write
447E000
stack
page read and write
37BF000
stack
page read and write
673B000
stack
page read and write
3F4000
heap
page read and write
D50000
unkown
page read and write
2DFE000
stack
page read and write
4831000
heap
page read and write
101000
unkown
page execute and write copy
1D26D000
stack
page read and write
356F000
stack
page read and write
5240000
direct allocation
page execute and read and write
49CF000
stack
page read and write
38FF000
stack
page read and write
10E4000
heap
page read and write
5B8000
unkown
page execute and read and write
486E000
stack
page read and write
4A50000
direct allocation
page execute and read and write
4A30000
direct allocation
page execute and read and write
382E000
stack
page read and write
B80000
direct allocation
page read and write
36BE000
stack
page read and write
116E000
stack
page read and write
2DBE000
stack
page read and write
10E4000
heap
page read and write
384F000
stack
page read and write
10E4000
heap
page read and write
8CA000
heap
page read and write
3F7E000
stack
page read and write
1D530000
trusted library allocation
page read and write
10E4000
heap
page read and write
86E000
stack
page read and write
1D43D000
heap
page read and write
4831000
heap
page read and write
913000
heap
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
4831000
heap
page read and write
2DEE000
heap
page read and write
1D445000
heap
page read and write
8A0000
direct allocation
page read and write
3FAD000
stack
page read and write
B80000
direct allocation
page read and write
10E4000
heap
page read and write
4C51000
heap
page read and write
FB0000
direct allocation
page read and write
4E51000
direct allocation
page read and write
162000
unkown
page execute and read and write
125B000
heap
page read and write
169000
unkown
page write copy
38FF000
stack
page read and write
346E000
stack
page read and write
2CBE000
stack
page read and write
1D43E000
heap
page read and write
104E000
stack
page read and write
12C7000
heap
page read and write
2AFE000
stack
page read and write
342F000
stack
page read and write
4AE0000
direct allocation
page execute and read and write
10E4000
heap
page read and write
393E000
stack
page read and write
3FF000
unkown
page execute and read and write
61E00000
direct allocation
page execute and read and write
3F4000
heap
page read and write
1334000
heap
page read and write
652000
unkown
page execute and read and write
2F3E000
stack
page read and write
13DE000
stack
page read and write
4C51000
heap
page read and write
3BEE000
stack
page read and write
1D440000
heap
page read and write
1D42F000
heap
page read and write
10E4000
heap
page read and write
B3B000
stack
page read and write
4DF0000
heap
page read and write
10E4000
heap
page read and write
1D445000
heap
page read and write
10E4000
heap
page read and write
3F4000
heap
page read and write
1334000
heap
page read and write
132E000
stack
page read and write
10E4000
heap
page read and write
2A3E000
stack
page read and write
4831000
heap
page read and write
16B000
unkown
page execute and read and write
1D450000
heap
page read and write
16DF000
stack
page read and write
4FB0000
direct allocation
page execute and read and write
4831000
heap
page read and write
1D43E000
heap
page read and write
10E4000
heap
page read and write
4850000
heap
page read and write
40EE000
stack
page read and write
10E4000
heap
page read and write
2A30B000
stack
page read and write
317F000
stack
page read and write
10E4000
heap
page read and write
32BF000
stack
page read and write
B80000
direct allocation
page read and write
1334000
heap
page read and write
1D439000
heap
page read and write
AA4000
heap
page read and write
357E000
stack
page read and write
1D421000
heap
page read and write
1334000
heap
page read and write
10E5000
heap
page read and write
4831000
heap
page read and write
4831000
heap
page read and write
10E4000
heap
page read and write
1D443000
heap
page read and write
10E4000
heap
page read and write
1D439000
heap
page read and write
101000
unkown
page execute and write copy
3F4000
heap
page read and write
4831000
heap
page read and write
2DC0000
direct allocation
page execute and read and write
4C51000
heap
page read and write
169000
unkown
page write copy
FB0000
direct allocation
page read and write
1D443000
heap
page read and write
3A7D000
stack
page read and write
5F0000
unkown
page readonly
472E000
stack
page read and write
10E4000
heap
page read and write
1D42B000
heap
page read and write
493F000
stack
page read and write
4C51000
heap
page read and write
1D450000
heap
page read and write
10E4000
heap
page read and write
3F3F000
stack
page read and write
127F000
heap
page read and write
410F000
stack
page read and write
1334000
heap
page read and write
100000
unkown
page readonly
2A3D0000
heap
page read and write
1334000
heap
page read and write
41EF000
stack
page read and write
61EB7000
direct allocation
page readonly
4831000
heap
page read and write
4831000
heap
page read and write
14C0000
direct allocation
page read and write
10E4000
heap
page read and write
4A60000
direct allocation
page execute and read and write
3F4000
heap
page read and write
3F4000
heap
page read and write
4F40000
direct allocation
page execute and read and write
2ABE000
stack
page read and write
3F4000
heap
page read and write
4F40000
direct allocation
page execute and read and write
7600000
heap
page read and write
3E2F000
stack
page read and write
FB0000
direct allocation
page read and write
5250000
direct allocation
page execute and read and write
5230000
direct allocation
page execute and read and write
3A7E000
stack
page read and write
6CFC0000
unkown
page read and write
37EF000
stack
page read and write
10E4000
heap
page read and write
4F70000
direct allocation
page execute and read and write
1334000
heap
page read and write
8A0000
direct allocation
page read and write
1334000
heap
page read and write
10E4000
heap
page read and write
101000
unkown
page execute and write copy
483E000
stack
page read and write
10E4000
heap
page read and write
11B0000
heap
page read and write
3CFE000
stack
page read and write
418000
unkown
page execute and write copy
2EEF000
stack
page read and write
4540000
trusted library allocation
page read and write
4831000
heap
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
11AE000
stack
page read and write
31AF000
stack
page read and write
FB0000
direct allocation
page read and write
31BE000
stack
page read and write
10E4000
heap
page read and write
8A0000
direct allocation
page read and write
11B0000
direct allocation
page read and write
53FB000
stack
page read and write
10E4000
heap
page read and write
40AF000
stack
page read and write
10E4000
heap
page read and write
EB7000
unkown
page execute and read and write
12B6000
heap
page read and write
5190000
heap
page read and write
10E4000
heap
page read and write
4C51000
heap
page read and write
10E4000
heap
page read and write
3F4000
heap
page read and write
10E4000
heap
page read and write
37EF000
stack
page read and write
3F4000
heap
page read and write
4831000
heap
page read and write
4C4F000
stack
page read and write
4972000
heap
page read and write
F96000
heap
page read and write
1334000
heap
page read and write
6B2C000
stack
page read and write
100000
unkown
page readonly
3F4000
heap
page read and write
417000
unkown
page execute and read and write
10E4000
heap
page read and write
12A3000
heap
page read and write
907000
unkown
page execute and write copy
14C0000
direct allocation
page read and write
2B7E000
stack
page read and write
1D460000
heap
page read and write
3F4000
heap
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
3B7F000
stack
page read and write
4F90000
direct allocation
page execute and read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
367F000
stack
page read and write
12B0000
heap
page read and write
568F000
stack
page read and write
1D43A000
heap
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
1334000
heap
page read and write
E20000
unkown
page execute and read and write
1334000
heap
page read and write
123B000
unkown
page execute and read and write
52A0000
direct allocation
page execute and read and write
1334000
heap
page read and write
10E4000
heap
page read and write
9B0000
heap
page read and write
1334000
heap
page read and write
6AD0000
heap
page read and write
10E4000
heap
page read and write
3ACF000
stack
page read and write
AA4000
heap
page read and write
2EC000
unkown
page execute and read and write
3F4000
heap
page read and write
4A40000
direct allocation
page execute and read and write
3BBE000
stack
page read and write
10E5000
heap
page read and write
33FF000
stack
page read and write
1D02D000
stack
page read and write
4C51000
heap
page read and write
697E000
stack
page read and write
4F90000
direct allocation
page execute and read and write
B80000
direct allocation
page read and write
474F000
stack
page read and write
12C7000
heap
page read and write
1334000
heap
page read and write
2B27000
heap
page read and write
436E000
stack
page read and write
4F40000
direct allocation
page execute and read and write
10E5000
heap
page read and write
2370E000
stack
page read and write
12B1000
heap
page read and write
4831000
heap
page read and write
10E4000
heap
page read and write
4DF0000
direct allocation
page read and write
65FE000
stack
page read and write
10E4000
heap
page read and write
1D535000
heap
page read and write
1D454000
heap
page read and write
14C0000
direct allocation
page read and write
418000
unkown
page execute and write copy
3D2000
unkown
page execute and read and write
FB0000
direct allocation
page read and write
12A7000
heap
page read and write
3E6D000
stack
page read and write
100000
unkown
page read and write
12BA000
heap
page read and write
14C0000
direct allocation
page read and write
2A7C000
stack
page read and write
4931000
direct allocation
page read and write
700C1000
unkown
page execute read
F9A000
unkown
page read and write
482F000
stack
page read and write
10E4000
heap
page read and write
1334000
heap
page read and write
1D44D000
heap
page read and write
5220000
direct allocation
page execute and read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
1551000
heap
page read and write
65B000
unkown
page execute and read and write
30EF000
stack
page read and write
10E4000
heap
page read and write
AA4000
heap
page read and write
1D460000
heap
page read and write
124A000
unkown
page execute and write copy
1D42F000
heap
page read and write
5BA000
unkown
page execute and write copy
11E0000
heap
page read and write
417000
unkown
page execute and write copy
8A0000
direct allocation
page read and write
10E4000
heap
page read and write
4C51000
heap
page read and write
1D432000
heap
page read and write
4A50000
direct allocation
page execute and read and write
334F000
stack
page read and write
4F80000
direct allocation
page execute and read and write
4831000
heap
page read and write
12BA000
heap
page read and write
52B0000
direct allocation
page execute and read and write
360E000
stack
page read and write
907000
unkown
page execute and read and write
234C0000
heap
page read and write
4AB0000
direct allocation
page execute and read and write
3DFF000
stack
page read and write
BB0000
heap
page read and write
AAA000
unkown
page execute and write copy
1D43C000
heap
page read and write
4E20000
direct allocation
page execute and read and write
12BA000
heap
page read and write
125E000
heap
page read and write
129F000
stack
page read and write
683C000
stack
page read and write
10E4000
heap
page read and write
5B8000
unkown
page execute and read and write
2B00000
direct allocation
page read and write
1D443000
heap
page read and write
169000
unkown
page write copy
1D16D000
stack
page read and write
1334000
heap
page read and write
10E4000
heap
page read and write
2EFF000
stack
page read and write
AA0000
heap
page read and write
490E000
stack
page read and write
4F80000
direct allocation
page execute and read and write
12B0000
heap
page read and write
10E4000
heap
page read and write
42FF000
stack
page read and write
890000
heap
page read and write
4831000
heap
page read and write
127F000
heap
page read and write
10E4000
heap
page read and write
23720000
trusted library allocation
page read and write
267E000
stack
page read and write
47FF000
stack
page read and write
4C51000
heap
page read and write
13EB000
unkown
page execute and write copy
496F000
stack
page read and write
407000
unkown
page execute and read and write
5250000
direct allocation
page execute and read and write
1334000
heap
page read and write
10E4000
heap
page read and write
F9C000
unkown
page execute and read and write
472E000
stack
page read and write
28BF000
stack
page read and write
4831000
heap
page read and write
5AEE000
stack
page read and write
10E4000
heap
page read and write
418000
unkown
page execute and write copy
1D42B000
heap
page read and write
4F40000
direct allocation
page execute and read and write
D87000
unkown
page execute and read and write
3E3E000
stack
page read and write
2A4DC000
stack
page read and write
1D43C000
heap
page read and write
3F4000
heap
page read and write
424F000
stack
page read and write
4FE0000
direct allocation
page execute and read and write
4971000
heap
page read and write
14C0000
direct allocation
page read and write
432F000
stack
page read and write
61EB4000
direct allocation
page read and write
28FE000
stack
page read and write
2B00000
direct allocation
page read and write
B00000
heap
page read and write
4830000
heap
page read and write
B80000
direct allocation
page read and write
AA4000
heap
page read and write
12A3000
heap
page read and write
10E4000
heap
page read and write
42FF000
stack
page read and write
4441000
heap
page read and write
10E4000
heap
page read and write
1334000
heap
page read and write
10E4000
heap
page read and write
F9A000
unkown
page write copy
1334000
heap
page read and write
4831000
heap
page read and write
4FD0000
direct allocation
page execute and read and write
1D460000
heap
page read and write
5BA000
unkown
page execute and write copy
5290000
direct allocation
page execute and read and write
1334000
heap
page read and write
10E4000
heap
page read and write
12A2000
heap
page read and write
10E4000
heap
page read and write
235A0000
trusted library allocation
page read and write
61ED0000
direct allocation
page read and write
8AB3000
heap
page read and write
3B7F000
stack
page read and write
4A70000
direct allocation
page execute and read and write
10E4000
heap
page read and write
3FAE000
stack
page read and write
1334000
heap
page read and write
127F000
heap
page read and write
457F000
stack
page read and write
12B6000
heap
page read and write
396E000
stack
page read and write
3F4000
heap
page read and write
2A4E0000
heap
page read and write
4940000
heap
page read and write
ABE000
stack
page read and write
10E4000
heap
page read and write
1D421000
heap
page read and write
10E4000
heap
page read and write
41EF000
stack
page read and write
57CF000
stack
page read and write
4961000
heap
page read and write
940000
heap
page read and write
35CF000
stack
page read and write
10E4000
heap
page read and write
100E000
stack
page read and write
10E4000
heap
page read and write
10E5000
heap
page read and write
32EF000
stack
page read and write
1334000
heap
page read and write
407F000
stack
page read and write
8A0000
direct allocation
page read and write
10E4000
heap
page read and write
520F000
stack
page read and write
4441000
heap
page read and write
10E4000
heap
page read and write
4FD0000
direct allocation
page execute and read and write
6CFBF000
unkown
page write copy
370F000
stack
page read and write
DD4000
unkown
page execute and read and write
6C80000
trusted library allocation
page read and write
12B0000
heap
page read and write
8A0000
direct allocation
page read and write
10E4000
heap
page read and write
1D42B000
heap
page read and write
5B8000
unkown
page execute and read and write
12DD000
heap
page read and write
1334000
heap
page read and write
FDA000
heap
page read and write
4C50000
heap
page read and write
2C7F000
stack
page read and write
10E4000
heap
page read and write
10E4000
heap
page read and write
4C51000
heap
page read and write
4831000
heap
page read and write
3F6E000
stack
page read and write
10E4000
heap
page read and write
8A0000
direct allocation
page read and write
5280000
direct allocation
page execute and read and write
48D0000
direct allocation
page read and write
4CE6000
direct allocation
page read and write
52F0000
direct allocation
page execute and read and write
12B6000
heap
page read and write
4441000
heap
page read and write
169000
unkown
page write copy
14C0000
direct allocation
page read and write
4C51000
heap
page read and write
1D43E000
heap
page read and write
33FF000
stack
page read and write
544E000
stack
page read and write
23501000
heap
page read and write
10E4000
heap
page read and write
40AF000
stack
page read and write
B7E000
stack
page read and write
1D443000
heap
page read and write
1334000
heap
page read and write
4831000
heap
page read and write
3AAE000
stack
page read and write
10E4000
heap
page read and write
4831000
heap
page read and write
1334000
heap
page read and write
4AD0000
direct allocation
page execute and read and write
AA4000
heap
page read and write
1D445000
heap
page read and write
7014E000
unkown
page read and write
115D000
stack
page read and write
446F000
stack
page read and write
8A0000
direct allocation
page read and write
12B1000
heap
page read and write
36AF000
stack
page read and write
45AF000
stack
page read and write
1D42B000
heap
page read and write
75F1000
heap
page read and write
32EF000
stack
page read and write
12A3000
heap
page read and write
4831000
heap
page read and write
1D433000
heap
page read and write
4FE0000