IOC Report
E89hSGjVrv.exe

loading gif

Files

File Path
Type
Category
Malicious
E89hSGjVrv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsCAFHDBGHJK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AAEBAFBGIDHCBFHIECFC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BAFCFBAEGDHIEBFHDGCBAECFBG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\BFBGDGID
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EHIJDHCAKKFCBGCBAAECFIJDAK
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\GIJJKKJJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\IDHIEBAAKJDHIECAAFHC
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\KJKJJJECFIEBFHIEGHJD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\21347647-bf11-4291-b6f1-f1d503f09a89.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\285c9ab7-1da3-4819-99b7-f1ab7675bd12.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\594493d0-8337-4aba-a4bb-20b85b2ba72e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8acaf63d-2d6f-4c5b-be60-263f85fd91c6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\93ff59ea-127c-471a-9fb9-b9aeb65dd865.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9641ee84-7309-4c9d-96ae-ddf73340414f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\0615c418-779a-421c-9714-bdd10667e93f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E7586-1FF0.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\16fddf74-c349-4ccb-b8ad-3dba784387d1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3e209c5e-2cf6-4c51-9392-1960bf873d07.tmp
Unicode text, UTF-8 text, with very long lines (17456), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7e6651b5-08bb-4f68-bb5c-bcd00cb0128f.tmp
Unicode text, UTF-8 text, with very long lines (17456), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9f283494-4aa5-4f45-b25e-28f7552fddeb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Dyalog APL version -58.-88
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\65b2e2f6-2ba1-45bc-a9fc-41502c757161.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF49ac5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF38cc0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3a0d5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a6d2294a-cee5-417f-8215-f9bde49ef329.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b3be58d1-7ac2-4abe-af15-878251f4c61f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b72cc8d8-f8da-49c1-b5e6-03c86f10c711.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c62db682-f42b-41cc-9a70-92ebc86ac696.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c8728bfc-eccf-44c6-ab71-4031e23040b8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3d449.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4170e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF48c3e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3d458.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF413e2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF40888.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376620169753926
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3d01ff70-067d-4a1f-8b46-abc6f21a5e38.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4afe4649-f44e-495d-bbdf-367ab6c55512.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4f8274d3-4ef5-41e0-bcba-f296e4ce3abc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6a1ad855-7de7-4fb4-9cc7-a9dc061e2b22.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3a0d5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a1db320f-2ce3-4b2c-b16e-5f73a9b6fcb2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b91b3dc6-1c07-4924-879b-77272fb9580a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d26454f9-efdb-4082-a4ed-6c5e60c7ffb4.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d6318873-0d36-4f3f-9318-ff694629c551.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e5609017-56a8-4d35-9c2f-3fb36b6dac7b.tmp
Unicode text, UTF-8 text, with very long lines (16698), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ef357748-7449-4a28-b239-8c22fb7f48ab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37967.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37977.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37aee.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a1de.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3db8c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48c2f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4e6d2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c4999c8e-3be1-433f-84d7-0d3ca34ac899.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fe34ec16-f4e3-483e-b65f-86212053315b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0837f255-99f2-4839-ae52-f0a44e4490d7.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\4f424c66-b1d7-43f2-b883-958e0eb04bc6.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\647d93b3-602c-4e6a-8f6e-babc630f9a33.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\de9eacce-ad28-46db-9602-4981cccdcc2c.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\dede0a07-e64f-4cb7-b8c8-5c14e0f35b95.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\e88f5fa7-1879-4d28-9a34-e3c40e9e8435.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\ea23b4ef-8eb2-4ddd-89ec-65dc7417bef1.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\0837f255-99f2-4839-ae52-f0a44e4490d7.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_1843397026\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_422511899\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_422511899\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_422511899\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_422511899\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8176_422511899\e88f5fa7-1879-4d28-9a34-e3c40e9e8435.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 22:49:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 22:49:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 22:49:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 22:49:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 22:49:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 466
Unicode text, UTF-8 text, with very long lines (3936)
downloaded
Chrome Cache Entry: 467
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 468
ASCII text
downloaded
Chrome Cache Entry: 469
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 470
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 471
SVG Scalable Vector Graphics image
downloaded
There are 287 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\E89hSGjVrv.exe
"C:\Users\user\Desktop\E89hSGjVrv.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2320,i,9541969784439426641,9290128447048775784,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2292,i,7521651601030041477,18299988415420470262,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2236,i,13588427511518387819,9522602448328524199,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6368 --field-trial-handle=2236,i,13588427511518387819,9522602448328524199,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6656 --field-trial-handle=2236,i,13588427511518387819,9522602448328524199,262144 /prefetch:8
malicious
C:\Users\user\DocumentsCAFHDBGHJK.exe
"C:\Users\user\DocumentsCAFHDBGHJK.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6540 --field-trial-handle=2236,i,13588427511518387819,9522602448328524199,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsCAFHDBGHJK.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 6 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
http://185.215.113.206/68b591d6548ec281/freebl3.dllK
unknown
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
http://31.41.244.11/files/random.exe$
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
unknown
https://www.last.fm/
unknown
https://c.msn.com/c.gif?rnd=1732146580940&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=2be22f69e21a49cfaf6226b272c6f5bf&activityId=2be22f69e21a49cfaf6226b272c6f5bf&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=98AF16FA7EF64DBE97659D03ACE375C9&MUID=02AF36CE75CE647F00F523F374AC6592
20.110.205.119
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://sb.scorecardresearch.com/
unknown
http://31.41.244.11/files/random.exe1
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://31.41.244.11/
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.185.228
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732146588118&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.9
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732146580938&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.9
185.215.113.206/c4becf79229cb002.php
http://185.215.113.206lfons
unknown
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://sb.scorecardresearch.com/b?rn=1732146580940&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=02AF36CE75CE647F00F523F374AC6592&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
13.32.99.105
https://drive-daily-2.corp.google.com/
unknown
http://31.41.244.11/files/random.exe07797001
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206/c4becf79229cb002.php2
unknown
https://drive-daily-5.corp.google.com/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
http://31.41.244.11/215.113.43/Zu7JuNko/index.php
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dllo
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
unknown
https://chromewebstore.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dllO
unknown
http://31.41.244.11/files/random.exephp
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://m.kugou.com/
unknown
http://185.215.113.206/c4becf79229cb002.phpd
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.18.1
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
https://powerpoint.new?from=EdgeM365Shoreline
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/c4becf79229cb002.phpp
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://tidal.com/
unknown
https://ntp.msn.com
unknown
https://browser.events.data.msn.cn/
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.185.206
play.google.com
142.250.186.46
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
13.32.99.105
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.185.228
googlehosted.l.googleusercontent.com
172.217.18.1
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 6 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.5
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
142.250.186.46
play.google.com
United States
23.57.90.137
unknown
United States
142.250.185.228
www.google.com
United States
142.250.185.206
plus.l.google.com
United States
13.107.246.40
unknown
United States
20.189.173.9
unknown
United States
23.96.180.189
unknown
United States
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
23.200.88.39
unknown
United States
13.226.94.6
unknown
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
23.55.235.251
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
31.41.244.11
unknown
Russian Federation
104.70.121.195
unknown
United States
23.57.90.101
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
172.217.18.1
googlehosted.l.googleusercontent.com
United States
13.32.99.105
sb.scorecardresearch.com
United States
172.183.192.109
unknown
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown
There are 17 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197706
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197706
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197706
WindowTabManagerFileMappingId
There are 142 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
4AB0000
direct allocation
page read and write
 malicious
48A0000
direct allocation
page read and write
 malicious
5520000
direct allocation
page read and write
 malicious
2D1000
unkown
page execute and read and write
 malicious
15EC000
heap
page read and write
 malicious
E81000
unkown
page execute and read and write
 malicious
2D1000
unkown
page execute and read and write
 malicious
5660000
direct allocation
page read and write
 malicious
2D1000
unkown
page execute and read and write
 malicious
B51000
unkown
page execute and read and write
 malicious
4B60000
direct allocation
page read and write
 malicious
19BE000
heap
page read and write
1669000
heap
page read and write
292E000
stack
page read and write
DB4000
heap
page read and write
5EF000
unkown
page execute and write copy
1DCB4000
heap
page read and write
5090000
heap
page read and write
1DCD0000
heap
page read and write
5EF000
unkown
page execute and read and write
17C4000
heap
page read and write
4C40000
direct allocation
page execute and read and write
4C6000
unkown
page execute and read and write
312E000
stack
page read and write
A4B000
heap
page read and write
5091000
heap
page read and write
1DC7D000
stack
page read and write
23F50000
trusted library allocation
page read and write
1DCAE000
heap
page read and write
5091000
heap
page read and write
9871000
heap
page read and write
1DCAB000
heap
page read and write
17C4000
heap
page read and write
1DC9B000
heap
page read and write
3C6E000
stack
page read and write
1DCD0000
heap
page read and write
5091000
heap
page read and write
495E000
stack
page read and write
17C4000
heap
page read and write
1DCAB000
heap
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
5080000
direct allocation
page read and write
23E9C000
heap
page read and write
B84000
heap
page read and write
1DCCA000
heap
page read and write
5091000
heap
page read and write
1DCA7000
heap
page read and write
5091000
heap
page read and write
305E000
stack
page read and write
1D89D000
stack
page read and write
4A40000
direct allocation
page execute and read and write
17C4000
heap
page read and write
33DF000
stack
page read and write
5091000
heap
page read and write
5080000
direct allocation
page read and write
3570000
direct allocation
page read and write
566F000
stack
page read and write
5091000
heap
page read and write
DB0000
heap
page read and write
17C4000
heap
page read and write
23E91000
heap
page read and write
23EA8000
heap
page read and write
D9C000
unkown
page execute and read and write
6F3F000
stack
page read and write
4631000
heap
page read and write
3597000
heap
page read and write
5840000
direct allocation
page execute and read and write
38DF000
stack
page read and write
119F000
unkown
page execute and write copy
415F000
stack
page read and write
17C4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
D9A000
unkown
page write copy
315F000
stack
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
4DDB000
stack
page read and write
BE0000
heap
page read and write
23EEA000
heap
page read and write
3FEF000
stack
page read and write
1DCA9000
heap
page read and write
17C4000
heap
page read and write
13DB000
stack
page read and write
1578000
stack
page read and write
5091000
heap
page read and write
369F000
stack
page read and write
37CF000
stack
page read and write
1DC9F000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
D88000
unkown
page execute and read and write
792000
unkown
page execute and write copy
2800000
direct allocation
page read and write
19E6000
heap
page read and write
4631000
heap
page read and write
1612000
heap
page read and write
274000
heap
page read and write
2D1000
unkown
page execute and write copy
1DCA3000
heap
page read and write
1DCCA000
heap
page read and write
B84000
heap
page read and write
274000
heap
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
80C0000
heap
page read and write
5091000
heap
page read and write
23DB0000
heap
page read and write
24030000
heap
page read and write
37DE000
stack
page read and write
390F000
stack
page read and write
57F0000
direct allocation
page execute and read and write
1983000
heap
page read and write
5091000
heap
page read and write
270000
heap
page read and write
4631000
heap
page read and write
C80000
heap
page read and write
2D0000
unkown
page read and write
A10000
direct allocation
page read and write
EE2000
unkown
page execute and read and write
4631000
heap
page read and write
17C4000
heap
page read and write
23F50000
trusted library allocation
page read and write
5EF000
unkown
page execute and read and write
5860000
direct allocation
page execute and read and write
B84000
heap
page read and write
51E1000
heap
page read and write
251E000
stack
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
4C9F000
stack
page read and write
43DF000
stack
page read and write
28AF000
stack
page read and write
4CB0000
direct allocation
page execute and read and write
17C4000
heap
page read and write
1DC8F000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
4A00000
direct allocation
page execute and read and write
1D6EF000
stack
page read and write
379F000
stack
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
3F1F000
stack
page read and write
4631000
heap
page read and write
1DC92000
heap
page read and write
7FD0000
heap
page read and write
3A5E000
stack
page read and write
2ABA0000
heap
page read and write
B84000
heap
page read and write
986C000
stack
page read and write
1DCAD000
heap
page read and write
274000
heap
page read and write
B84000
heap
page read and write
51E1000
heap
page read and write
274000
heap
page read and write
4A5E000
stack
page read and write
408F000
stack
page read and write
19BD000
heap
page read and write
57E0000
direct allocation
page execute and read and write
95DE000
stack
page read and write
16E0000
heap
page read and write
1DC83000
heap
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
4F9E000
stack
page read and write
1340000
unkown
page execute and read and write
17C4000
heap
page read and write
3570000
direct allocation
page read and write
365E000
stack
page read and write
41DE000
stack
page read and write
33B000
unkown
page execute and read and write
DB4000
heap
page read and write
2800000
direct allocation
page read and write
274000
heap
page read and write
4A00000
direct allocation
page execute and read and write
4A30000
direct allocation
page execute and read and write
17C4000
heap
page read and write
28DE000
stack
page read and write
197D000
heap
page read and write
1DCA1000
heap
page read and write
4CDE000
stack
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
5A9000
unkown
page execute and read and write
2DCF000
stack
page read and write
556C000
stack
page read and write
5091000
heap
page read and write
38AE000
stack
page read and write
2A8F000
stack
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
451F000
stack
page read and write
6C58E000
unkown
page read and write
3E0F000
stack
page read and write
1DC9B000
heap
page read and write
5080000
direct allocation
page read and write
DB4000
heap
page read and write
2A1E000
stack
page read and write
2E6F000
stack
page read and write
4631000
heap
page read and write
1DCD0000
heap
page read and write
39DF000
stack
page read and write
5091000
heap
page read and write
C23000
heap
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
2800000
direct allocation
page read and write
23F15000
heap
page read and write
74AE000
stack
page read and write
39EE000
stack
page read and write
4631000
heap
page read and write
416E000
stack
page read and write
4631000
heap
page read and write
1DCC2000
heap
page read and write
4F1F000
stack
page read and write
75AF000
stack
page read and write
17C4000
heap
page read and write
1665000
heap
page read and write
2970000
direct allocation
page read and write
2C5F000
stack
page read and write
274000
heap
page read and write
17C4000
heap
page read and write
332000
unkown
page execute and read and write
939B000
stack
page read and write
2ACAC000
stack
page read and write
1DCCD000
heap
page read and write
38DF000
stack
page read and write
1342000
unkown
page execute and write copy
17C4000
heap
page read and write
B84000
heap
page read and write
43AF000
stack
page read and write
329F000
stack
page read and write
19D2000
heap
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
4C30000
direct allocation
page execute and read and write
4631000
heap
page read and write
16B9000
heap
page read and write
A10000
direct allocation
page read and write
5091000
heap
page read and write
4C30000
direct allocation
page execute and read and write
1978000
heap
page read and write
61ECD000
direct allocation
page readonly
4421000
heap
page read and write
17C4000
heap
page read and write
391E000
stack
page read and write
DB4000
heap
page read and write
DB4000
heap
page read and write
3B5F000
stack
page read and write
B84000
heap
page read and write
45CE000
stack
page read and write
17C4000
heap
page read and write
34DF000
stack
page read and write
19CC000
heap
page read and write
559C000
stack
page read and write
4421000
heap
page read and write
1DCC5000
heap
page read and write
61EB7000
direct allocation
page readonly
509F000
stack
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
1DC86000
heap
page read and write
4D00000
direct allocation
page execute and read and write
17C4000
heap
page read and write
430F000
stack
page read and write
5870000
direct allocation
page execute and read and write
9870000
heap
page read and write
479F000
stack
page read and write
2F4E000
stack
page read and write
55FD000
stack
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
792000
unkown
page execute and write copy
2970000
direct allocation
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
DB4000
heap
page read and write
43EE000
stack
page read and write
976C000
stack
page read and write
A10000
direct allocation
page read and write
16F0000
heap
page read and write
F21000
unkown
page execute and read and write
50A0000
heap
page read and write
296E000
stack
page read and write
431E000
stack
page read and write
17BE000
stack
page read and write
5190000
trusted library allocation
page read and write
B84000
heap
page read and write
379F000
stack
page read and write
17C4000
heap
page read and write
279F000
stack
page read and write
2800000
direct allocation
page read and write
4631000
heap
page read and write
6C5A1000
unkown
page execute read
57C0000
direct allocation
page execute and read and write
5080000
direct allocation
page read and write
17C4000
heap
page read and write
DB4000
heap
page read and write
24028000
heap
page read and write
17C5000
heap
page read and write
17C4000
heap
page read and write
B84000
heap
page read and write
1DCA2000
heap
page read and write
B84000
heap
page read and write
5080000
direct allocation
page read and write
4CE0000
direct allocation
page execute and read and write
340F000
stack
page read and write
1BFE000
stack
page read and write
535D000
stack
page read and write
194F000
heap
page read and write
4631000
heap
page read and write
1DCB5000
heap
page read and write
4631000
heap
page read and write
375F000
stack
page read and write
1191000
unkown
page execute and read and write
4631000
heap
page read and write
1DC9A000
heap
page read and write
3570000
direct allocation
page read and write
394E000
stack
page read and write
5091000
heap
page read and write
4D60000
direct allocation
page execute and read and write
17C4000
heap
page read and write
2980000
heap
page read and write
4631000
heap
page read and write
FCF000
stack
page read and write
1DCA3000
heap
page read and write
4631000
heap
page read and write
12C000
stack
page read and write
27AE000
stack
page read and write
2ACB0000
heap
page read and write
19BC000
heap
page read and write
6C780000
unkown
page read and write
57D0000
direct allocation
page execute and read and write
57E0000
direct allocation
page execute and read and write
EEE000
stack
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
16FA000
stack
page read and write
286E000
stack
page read and write
61E00000
direct allocation
page execute and read and write
2800000
direct allocation
page read and write
5091000
heap
page read and write
C1C000
unkown
page execute and read and write
3B8F000
stack
page read and write
1045000
unkown
page execute and write copy
17C4000
heap
page read and write
B84000
heap
page read and write
35EF000
stack
page read and write
11E7000
unkown
page execute and write copy
4B9F000
stack
page read and write
147C000
stack
page read and write
4C30000
direct allocation
page execute and read and write
E80000
unkown
page read and write
1DCB4000
heap
page read and write
5091000
heap
page read and write
1DCCB000
heap
page read and write
2800000
direct allocation
page read and write
1DC91000
heap
page read and write
5091000
heap
page read and write
4A70000
heap
page read and write
B84000
heap
page read and write
51E1000
heap
page read and write
32DE000
stack
page read and write
B84000
heap
page read and write
23ED1000
heap
page read and write
1D5EE000
stack
page read and write
5E1000
unkown
page execute and read and write
5E1000
unkown
page execute and read and write
5080000
direct allocation
page read and write
6C500000
unkown
page readonly
3570000
direct allocation
page read and write
1DCCE000
heap
page read and write
17C4000
heap
page read and write
505E000
stack
page read and write
308E000
stack
page read and write
4E5E000
stack
page read and write
17C4000
heap
page read and write
B84000
heap
page read and write
190E000
heap
page read and write
3A5E000
stack
page read and write
4631000
heap
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
B84000
heap
page read and write
23EB1000
heap
page read and write
DB4000
heap
page read and write
1DCB5000
heap
page read and write
2800000
direct allocation
page read and write
2827000
heap
page read and write
5091000
heap
page read and write
445E000
stack
page read and write
5091000
heap
page read and write
33D7000
heap
page read and write
1DCB5000
heap
page read and write
31CE000
stack
page read and write
282D000
heap
page read and write
17C4000
heap
page read and write
4B60000
direct allocation
page read and write
A10000
direct allocation
page read and write
419E000
stack
page read and write
4631000
heap
page read and write
2CCE000
stack
page read and write
44EF000
stack
page read and write
1DCAD000
heap
page read and write
17C4000
heap
page read and write
1DC9B000
heap
page read and write
4E1F000
stack
page read and write
17C4000
heap
page read and write
C59000
heap
page read and write
61ED0000
direct allocation
page read and write
C50000
heap
page read and write
17C4000
heap
page read and write
2970000
direct allocation
page read and write
4631000
heap
page read and write
5091000
heap
page read and write
4A70000
direct allocation
page execute and read and write
301F000
stack
page read and write
5091000
heap
page read and write
7DE000
stack
page read and write
46D1000
heap
page read and write
5080000
direct allocation
page read and write
1DD35000
heap
page read and write
61ECC000
direct allocation
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
361F000
stack
page read and write
2B1F000
stack
page read and write
17C4000
heap
page read and write
7FCE000
heap
page read and write
354F000
stack
page read and write
B84000
heap
page read and write
5080000
direct allocation
page read and write
26DE000
stack
page read and write
549E000
stack
page read and write
5091000
heap
page read and write
6C592000
unkown
page readonly
D9A000
unkown
page read and write
4631000
heap
page read and write
2987000
heap
page read and write
274000
heap
page read and write
A10000
direct allocation
page read and write
1DCC2000
heap
page read and write
B84000
heap
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
1DCA3000
heap
page read and write
A10000
direct allocation
page read and write
4C60000
direct allocation
page execute and read and write
17A0000
heap
page read and write
1DCCB000
heap
page read and write
2D0000
unkown
page readonly
5091000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
1DCC8000
heap
page read and write
199C000
heap
page read and write
BEB000
heap
page read and write
426F000
stack
page read and write
56C0000
direct allocation
page execute and read and write
EE9000
unkown
page write copy
A10000
direct allocation
page read and write
17C4000
heap
page read and write
B84000
heap
page read and write
33DE000
heap
page read and write
DB4000
heap
page read and write
E81000
unkown
page execute and write copy
6C77E000
unkown
page read and write
22D000
stack
page read and write
2E0E000
stack
page read and write
1AFE000
stack
page read and write
58C0000
heap
page read and write
A10000
direct allocation
page read and write
3590000
heap
page read and write
4631000
heap
page read and write
199C000
heap
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
391E000
stack
page read and write
3C2F000
stack
page read and write
365F000
stack
page read and write
1D5AF000
stack
page read and write
33AE000
stack
page read and write
17C4000
heap
page read and write
49E0000
direct allocation
page execute and read and write
1DCB5000
heap
page read and write
355E000
stack
page read and write
2B5E000
stack
page read and write
1DCAA000
heap
page read and write
3B5F000
stack
page read and write
17C4000
heap
page read and write
EE9000
unkown
page write copy
8DC000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
15CE000
heap
page read and write
296F000
stack
page read and write
15CA000
heap
page read and write
4AB0000
direct allocation
page read and write
402E000
stack
page read and write
6BB6000
heap
page read and write
469D000
stack
page read and write
5091000
heap
page read and write
5E1000
unkown
page execute and read and write
4E1E000
stack
page read and write
1DCB5000
heap
page read and write
1674000
heap
page read and write
1DCAB000
heap
page read and write
5091000
heap
page read and write
1DCD0000
heap
page read and write
7FC1000
heap
page read and write
1DCC5000
heap
page read and write
362E000
stack
page read and write
61ED4000
direct allocation
page readonly
17C4000
heap
page read and write
3C9E000
stack
page read and write
4D70000
direct allocation
page execute and read and write
B3D000
stack
page read and write
4A20000
direct allocation
page execute and read and write
39AF000
stack
page read and write
34EE000
stack
page read and write
19E8000
heap
page read and write
3570000
direct allocation
page read and write
4C70000
direct allocation
page execute and read and write
49F0000
direct allocation
page execute and read and write
4A1F000
stack
page read and write
2820000
heap
page read and write
4640000
heap
page read and write
29AB000
stack
page read and write
27DE000
stack
page read and write
441F000
stack
page read and write
17C4000
heap
page read and write
2970000
direct allocation
page read and write
B84000
heap
page read and write
DB4000
heap
page read and write
1A7E000
stack
page read and write
175D000
stack
page read and write
3570000
direct allocation
page read and write
4631000
heap
page read and write
1DCC2000
heap
page read and write
17C4000
heap
page read and write
282B000
heap
page read and write
2B8F000
stack
page read and write
5520000
direct allocation
page read and write
4631000
heap
page read and write
3EDF000
stack
page read and write
A3C000
stack
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
3F5E000
stack
page read and write
19BC000
heap
page read and write
5091000
heap
page read and write
17A5000
heap
page read and write
5091000
heap
page read and write
195D000
heap
page read and write
7E0000
heap
page read and write
5091000
heap
page read and write
42DF000
stack
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
339000
unkown
page write copy
4631000
heap
page read and write
7630000
trusted library allocation
page read and write
1D84F000
stack
page read and write
3A1E000
stack
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
C8A000
heap
page read and write
255E000
stack
page read and write
23EA5000
heap
page read and write
19CF000
heap
page read and write
17C4000
heap
page read and write
61EB4000
direct allocation
page read and write
4A9E000
stack
page read and write
4BEF000
stack
page read and write
5091000
heap
page read and write
4AA0000
direct allocation
page execute and read and write
23E94000
heap
page read and write
17C4000
heap
page read and write
119F000
unkown
page execute and read and write
4CE0000
direct allocation
page execute and read and write
358E000
stack
page read and write
4CA0000
direct allocation
page execute and read and write
3B9E000
stack
page read and write
380E000
stack
page read and write
29DF000
stack
page read and write
4631000
heap
page read and write
3AEF000
stack
page read and write
2970000
direct allocation
page read and write
A10000
direct allocation
page read and write
5080000
direct allocation
page read and write
505F000
stack
page read and write
3DAE000
stack
page read and write
5091000
heap
page read and write
458F000
stack
page read and write
455F000
stack
page read and write
2597000
heap
page read and write
E80000
unkown
page readonly
1573000
stack
page read and write
24020000
heap
page read and write
2970000
direct allocation
page read and write
318F000
stack
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
DEE000
stack
page read and write
48DE000
stack
page read and write
5F0000
unkown
page execute and write copy
17C4000
heap
page read and write
1DCB4000
heap
page read and write
4A50000
direct allocation
page execute and read and write
3B9E000
stack
page read and write
1680000
heap
page read and write
46D1000
heap
page read and write
5060000
heap
page read and write
56B0000
direct allocation
page execute and read and write
3F1F000
stack
page read and write
19D2000
heap
page read and write
2FAF000
stack
page read and write
1DCC2000
heap
page read and write
17C4000
heap
page read and write
4630000
heap
page read and write
5A9000
unkown
page execute and read and write
2800000
direct allocation
page read and write
1DCAB000
heap
page read and write
4631000
heap
page read and write
2C8F000
stack
page read and write
51F0000
heap
page read and write
4B9E000
stack
page read and write
30EF000
stack
page read and write
1044000
unkown
page execute and read and write
2D6E000
stack
page read and write
4631000
heap
page read and write
19D0000
heap
page read and write
17C4000
heap
page read and write
19BC000
heap
page read and write
322F000
stack
page read and write
5093000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
4D50000
direct allocation
page execute and read and write
4631000
heap
page read and write
7FC0000
heap
page read and write
469F000
stack
page read and write
4631000
heap
page read and write
199C000
heap
page read and write
4631000
heap
page read and write
160F000
heap
page read and write
17C4000
heap
page read and write
5680000
direct allocation
page execute and read and write
1DCB5000
heap
page read and write
4C3C000
stack
page read and write
4730000
trusted library allocation
page read and write
2590000
heap
page read and write
5660000
direct allocation
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
41DE000
stack
page read and write
1DCAF000
heap
page read and write
C40000
heap
page read and write
4631000
heap
page read and write
57B0000
direct allocation
page execute and read and write
1DCB5000
heap
page read and write
1DCCF000
heap
page read and write
157E000
stack
page read and write
3A8E000
stack
page read and write
B84000
heap
page read and write
52E0000
trusted library allocation
page read and write
1DCA7000
heap
page read and write
4CDF000
stack
page read and write
1DC9B000
heap
page read and write
6C57D000
unkown
page readonly
7E30000
heap
page read and write
B84000
heap
page read and write
4AEC000
stack
page read and write
4631000
heap
page read and write
56BE000
stack
page read and write
462F000
stack
page read and write
5091000
heap
page read and write
23F90000
trusted library allocation
page read and write
2C9E000
stack
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
4631000
heap
page read and write
3F4F000
stack
page read and write
289F000
stack
page read and write
4A00000
direct allocation
page execute and read and write
4631000
heap
page read and write
6CFE000
stack
page read and write
1740000
heap
page read and write
DB4000
heap
page read and write
5091000
heap
page read and write
341E000
stack
page read and write
11A0000
unkown
page execute and write copy
1DDA9000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
4B60000
direct allocation
page read and write
15C0000
heap
page read and write
6C501000
unkown
page execute read
1DCB5000
heap
page read and write
17C4000
heap
page read and write
2402E000
heap
page read and write
1DCBE000
heap
page read and write
1DCA7000
heap
page read and write
519F000
stack
page read and write
B84000
heap
page read and write
179E000
stack
page read and write
17C4000
heap
page read and write
56B0000
direct allocation
page execute and read and write
420E000
stack
page read and write
1DCA0000
heap
page read and write
1DCC2000
heap
page read and write
4A10000
direct allocation
page execute and read and write
2EAE000
stack
page read and write
3C9F000
stack
page read and write
455E000
stack
page read and write
274000
heap
page read and write
4F5E000
stack
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
ECE000
stack
page read and write
4631000
heap
page read and write
A3B000
heap
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
3560000
heap
page read and write
A30000
heap
page read and write
4CD0000
direct allocation
page execute and read and write
17C4000
heap
page read and write
47DF000
stack
page read and write
339000
unkown
page write copy
B84000
heap
page read and write
4D20000
direct allocation
page execute and read and write
1DC9B000
heap
page read and write
5080000
direct allocation
page read and write
4C90000
direct allocation
page execute and read and write
790000
unkown
page execute and read and write
1DC80000
heap
page read and write
2970000
direct allocation
page read and write
195F000
heap
page read and write
2FEE000
stack
page read and write
17C4000
heap
page read and write
3CDE000
stack
page read and write
332000
unkown
page execute and read and write
4631000
heap
page read and write
4A60000
direct allocation
page execute and read and write
3570000
direct allocation
page read and write
17C4000
heap
page read and write
197B000
heap
page read and write
1DADD000
stack
page read and write
B84000
heap
page read and write
4631000
heap
page read and write
5091000
heap
page read and write
47D0000
trusted library allocation
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
4C20000
direct allocation
page execute and read and write
4F5E000
stack
page read and write
4CD0000
direct allocation
page execute and read and write
17C4000
heap
page read and write
4421000
heap
page read and write
4F1F000
stack
page read and write
3EEE000
stack
page read and write
17C4000
heap
page read and write
2800000
direct allocation
page read and write
199C000
heap
page read and write
6DFF000
stack
page read and write
3CCF000
stack
page read and write
B84000
heap
page read and write
4B5F000
stack
page read and write
A10000
direct allocation
page read and write
46DE000
stack
page read and write
5091000
heap
page read and write
32CF000
stack
page read and write
1DCA4000
heap
page read and write
61E01000
direct allocation
page execute read
6C5A0000
unkown
page readonly
17C4000
heap
page read and write
1DCD0000
heap
page read and write
6CBF000
stack
page read and write
2EDF000
stack
page read and write
6F60000
heap
page read and write
5820000
direct allocation
page execute and read and write
1DCCA000
heap
page read and write
B84000
heap
page read and write
1159000
unkown
page execute and read and write
5091000
heap
page read and write
1D46F000
stack
page read and write
17C4000
heap
page read and write
5D7000
unkown
page execute and read and write
1DCAB000
heap
page read and write
2DDE000
stack
page read and write
1DCAA000
heap
page read and write
355E000
stack
page read and write
4C9F000
stack
page read and write
17C4000
heap
page read and write
DB4000
heap
page read and write
5091000
heap
page read and write
B50000
unkown
page readonly
2800000
direct allocation
page read and write
3DDF000
stack
page read and write
4E1E000
stack
page read and write
790000
unkown
page execute and read and write
50B0000
heap
page read and write
1D4AE000
stack
page read and write
17C4000
heap
page read and write
51E1000
heap
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
B51000
unkown
page execute and write copy
3BCE000
stack
page read and write
1DCB5000
heap
page read and write
2800000
direct allocation
page read and write
5091000
heap
page read and write
3E1E000
stack
page read and write
429F000
stack
page read and write
46D1000
heap
page read and write
530F000
stack
page read and write
23E70000
heap
page read and write
17C4000
heap
page read and write
4631000
heap
page read and write
520E000
stack
page read and write
B50000
unkown
page read and write
4D80000
direct allocation
page execute and read and write
351E000
stack
page read and write
5830000
direct allocation
page execute and read and write
5660000
direct allocation
page read and write
17C4000
heap
page read and write
42AE000
stack
page read and write
491E000
stack
page read and write
57E0000
direct allocation
page execute and read and write
5080000
direct allocation
page read and write
2970000
direct allocation
page read and write
B84000
heap
page read and write
57E0000
direct allocation
page execute and read and write
17C4000
heap
page read and write
4D1E000
stack
page read and write
4901000
direct allocation
page read and write
5EF000
unkown
page execute and read and write
5091000
heap
page read and write
51E1000
heap
page read and write
B84000
heap
page read and write
5EF000
unkown
page execute and write copy
4F5F000
stack
page read and write
274000
heap
page read and write
DB4000
heap
page read and write
2580000
direct allocation
page execute and read and write
1DCAB000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
431E000
stack
page read and write
17C4000
heap
page read and write
5810000
direct allocation
page execute and read and write
DA0000
heap
page read and write
A20000
heap
page read and write
3EAE000
stack
page read and write
B84000
heap
page read and write
A10000
direct allocation
page read and write
4CC0000
direct allocation
page execute and read and write
3A1F000
stack
page read and write
28EE000
stack
page read and write
17C4000
heap
page read and write
419F000
stack
page read and write
17C4000
heap
page read and write
448E000
stack
page read and write
1035000
unkown
page execute and read and write
94DE000
stack
page read and write
17C4000
heap
page read and write
4631000
heap
page read and write
C41000
heap
page read and write
19D0000
heap
page read and write
2D0000
unkown
page readonly
1DCB5000
heap
page read and write
50DE000
stack
page read and write
4631000
heap
page read and write
419F000
stack
page read and write
3570000
direct allocation
page read and write
4BDE000
stack
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
3570000
direct allocation
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
339000
unkown
page write copy
17C4000
heap
page read and write
57E0000
direct allocation
page execute and read and write
17C4000
heap
page read and write
19BC000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
197E000
stack
page read and write
B84000
heap
page read and write
17C4000
heap
page read and write
3DDE000
stack
page read and write
34DF000
stack
page read and write
195F000
heap
page read and write
1DDA0000
trusted library allocation
page read and write
23E50000
trusted library allocation
page read and write
24028000
heap
page read and write
17C4000
heap
page read and write
A10000
direct allocation
page read and write
6E3E000
stack
page read and write
274000
heap
page read and write
1DCB4000
heap
page read and write
481D000
stack
page read and write
1DCAF000
heap
page read and write
1DCCB000
heap
page read and write
4B11000
direct allocation
page read and write
274000
heap
page read and write
3A4F000
stack
page read and write
4A00000
direct allocation
page execute and read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
DB4000
heap
page read and write
102E000
unkown
page execute and read and write
6BAE000
stack
page read and write
17C4000
heap
page read and write
11E6000
unkown
page execute and read and write
569E000
stack
page read and write
2D0000
unkown
page read and write
56A0000
direct allocation
page execute and read and write
4631000
heap
page read and write
166E000
heap
page read and write
4631000
heap
page read and write
545E000
stack
page read and write
1D9DD000
stack
page read and write
17C4000
heap
page read and write
409E000
stack
page read and write
33DE000
stack
page read and write
19E6000
heap
page read and write
792000
unkown
page execute and write copy
BD4000
unkown
page execute and read and write
3C9F000
stack
page read and write
332000
unkown
page execute and read and write
33B000
unkown
page execute and read and write
3CDE000
stack
page read and write
17C5000
heap
page read and write
4631000
heap
page read and write
379E000
stack
page read and write
452E000
stack
page read and write
5850000
direct allocation
page execute and read and write
3D9F000
stack
page read and write
1DCB8000
heap
page read and write
61ED3000
direct allocation
page read and write
3570000
direct allocation
page read and write
369E000
stack
page read and write
9DD000
stack
page read and write
5091000
heap
page read and write
51E0000
heap
page read and write
23E50000
trusted library allocation
page read and write
3570000
direct allocation
page read and write
B84000
heap
page read and write
4C6000
unkown
page execute and read and write
33B000
unkown
page execute and read and write
4CE0000
direct allocation
page execute and read and write
5F0000
unkown
page execute and write copy
1DCB5000
heap
page read and write
1750000
heap
page read and write
40CE000
stack
page read and write
5091000
heap
page read and write
389F000
stack
page read and write
1DCB4000
heap
page read and write
19BC000
heap
page read and write
2D0000
unkown
page read and write
2AB6C000
stack
page read and write
42DE000
stack
page read and write
17C5000
heap
page read and write
5091000
heap
page read and write
2D1000
unkown
page execute and write copy
CB7000
unkown
page execute and read and write
23E92000
heap
page read and write
1DC9D000
heap
page read and write
1DCD0000
heap
page read and write
4631000
heap
page read and write
58C4000
heap
page read and write
2ACB1000
heap
page read and write
2970000
direct allocation
page read and write
5091000
heap
page read and write
56FF000
stack
page read and write
2C2E000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
49DF000
stack
page read and write
23EF1000
heap
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
5080000
direct allocation
page read and write
5091000
heap
page read and write
4AB0000
direct allocation
page read and write
A10000
direct allocation
page read and write
24DE000
stack
page read and write
5D7000
unkown
page execute and read and write
17C4000
heap
page read and write
48DE000
stack
page read and write
330E000
stack
page read and write
304F000
stack
page read and write
4B9E000
stack
page read and write
2570000
direct allocation
page read and write
4A80000
direct allocation
page execute and read and write
5D7000
unkown
page execute and read and write
3F1E000
stack
page read and write
1DCC5000
heap
page read and write
3F8E000
stack
page read and write
269F000
stack
page read and write
1D99C000
stack
page read and write
3C5F000
stack
page read and write
33C0000
heap
page read and write
4CC0000
direct allocation
page execute and read and write
17C4000
heap
page read and write
5556000
direct allocation
page read and write
3B5E000
stack
page read and write
1D74E000
stack
page read and write
5091000
heap
page read and write
34AF000
stack
page read and write
4631000
heap
page read and write
2800000
direct allocation
page read and write
37DE000
stack
page read and write
1DC9B000
heap
page read and write
339000
unkown
page write copy
3B2E000
stack
page read and write
1DCBD000
heap
page read and write
409E000
stack
page read and write
274000
heap
page read and write
41CF000
stack
page read and write
5091000
heap
page read and write
3D0E000
stack
page read and write
1641000
heap
page read and write
5091000
heap
page read and write
199C000
heap
page read and write
17C4000
heap
page read and write
46D0000
heap
page read and write
5F0000
unkown
page execute and write copy
23E96000
heap
page read and write
17C4000
heap
page read and write
23D13000
heap
page read and write
274000
heap
page read and write
949C000
stack
page read and write
42DF000
stack
page read and write
1DC9B000
heap
page read and write
4C10000
direct allocation
page execute and read and write
319E000
stack
page read and write
23EAE000
heap
page read and write
6BB0000
heap
page read and write
1DCB1000
heap
page read and write
19C5000
heap
page read and write
6BB5000
heap
page read and write
2970000
direct allocation
page read and write
33DB000
heap
page read and write
5091000
heap
page read and write
401F000
stack
page read and write
17C4000
heap
page read and write
4C00000
direct allocation
page execute and read and write
4A00000
direct allocation
page execute and read and write
1DCC2000
heap
page read and write
434E000
stack
page read and write
5EF000
unkown
page execute and write copy
167B000
heap
page read and write
4CF0000
direct allocation
page execute and read and write
372F000
stack
page read and write
491E000
stack
page read and write
17C4000
heap
page read and write
B87000
unkown
page execute and read and write
2800000
direct allocation
page read and write
36CE000
stack
page read and write
18DE000
stack
page read and write
46CF000
stack
page read and write
2AEE000
stack
page read and write
17C4000
heap
page read and write
459E000
stack
page read and write
405E000
stack
page read and write
444F000
stack
page read and write
5091000
heap
page read and write
1044000
unkown
page execute and write copy
2970000
direct allocation
page read and write
1DCD0000
heap
page read and write
47DE000
stack
page read and write
51DF000
stack
page read and write
412F000
stack
page read and write
386F000
stack
page read and write
2F1E000
stack
page read and write
405F000
stack
page read and write
5091000
heap
page read and write
4631000
heap
page read and write
C05000
unkown
page execute and read and write
4C50000
direct allocation
page execute and read and write
3A1F000
stack
page read and write
DB4000
heap
page read and write
4C6000
unkown
page execute and read and write
2570000
direct allocation
page read and write
4BC1000
direct allocation
page read and write
C8E000
heap
page read and write
1DCB5000
heap
page read and write
1DCBC000
heap
page read and write
359E000
heap
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
1DCC5000
heap
page read and write
B84000
heap
page read and write
4CE0000
direct allocation
page execute and read and write
4631000
heap
page read and write
4421000
heap
page read and write
17C4000
heap
page read and write
579F000
stack
page read and write
4631000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
BA0000
heap
page read and write
509E000
stack
page read and write
17C4000
heap
page read and write
CFF000
stack
page read and write
17C4000
heap
page read and write
1DCB5000
heap
page read and write
1076000
unkown
page execute and read and write
3570000
direct allocation
page read and write
BD0000
heap
page read and write
2F0F000
stack
page read and write
4A90000
direct allocation
page execute and read and write
17C4000
heap
page read and write
1DCCB000
heap
page read and write
1DCD0000
heap
page read and write
B84000
heap
page read and write
57E0000
direct allocation
page execute and read and write
17C0000
heap
page read and write
441E000
stack
page read and write
2800000
direct allocation
page read and write
3570000
direct allocation
page read and write
197E000
heap
page read and write
2970000
direct allocation
page read and write
17C4000
heap
page read and write
6C77F000
unkown
page write copy
17C4000
heap
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
5800000
direct allocation
page execute and read and write
1DCAC000
heap
page read and write
3F5E000
stack
page read and write
27F0000
heap
page read and write
4C30000
direct allocation
page execute and read and write
17C4000
heap
page read and write
1DC99000
heap
page read and write
17C5000
heap
page read and write
3B1F000
stack
page read and write
327E000
stack
page read and write
5091000
heap
page read and write
4631000
heap
page read and write
3E1E000
stack
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
1DCB1000
heap
page read and write
2970000
direct allocation
page read and write
790000
unkown
page execute and read and write
46D1000
heap
page read and write
336F000
stack
page read and write
4631000
heap
page read and write
376E000
stack
page read and write
4A5F000
stack
page read and write
405F000
stack
page read and write
4631000
heap
page read and write
5091000
heap
page read and write
5080000
direct allocation
page read and write
4520000
trusted library allocation
page read and write
51E1000
heap
page read and write
1DC99000
heap
page read and write
339000
unkown
page write copy
4631000
heap
page read and write
1DC91000
heap
page read and write
5091000
heap
page read and write
1005000
unkown
page execute and read and write
4C80000
direct allocation
page execute and read and write
5091000
heap
page read and write
1900000
heap
page read and write
4631000
heap
page read and write
5091000
heap
page read and write
17C4000
heap
page read and write
4A00000
direct allocation
page execute and read and write
17C4000
heap
page read and write
B84000
heap
page read and write
2A0000
heap
page read and write
56C1000
direct allocation
page read and write
344E000
stack
page read and write
4C30000
direct allocation
page execute and read and write
441F000
stack
page read and write
56D0000
direct allocation
page execute and read and write
5080000
direct allocation
page read and write
A10000
direct allocation
page read and write
339000
unkown
page write copy
1DCD0000
heap
page read and write
38DE000
stack
page read and write
4631000
heap
page read and write
1DCB5000
heap
page read and write
19C5000
heap
page read and write
1DCA3000
heap
page read and write
17C4000
heap
page read and write
5091000
heap
page read and write
EEB000
unkown
page execute and read and write
17C4000
heap
page read and write
2D2F000
stack
page read and write
2D1000
unkown
page execute and write copy
33D0000
heap
page read and write
17C5000
heap
page read and write
1DCC2000
heap
page read and write
6C785000
unkown
page readonly
5091000
heap
page read and write
1DCD0000
heap
page read and write
326E000
stack
page read and write
351E000
stack
page read and write
368F000
stack
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
274000
heap
page read and write
190A000
heap
page read and write
1187000
unkown
page execute and read and write
5520000
direct allocation
page read and write
351F000
stack
page read and write
B80000
heap
page read and write
C28000
heap
page read and write
3D6F000
stack
page read and write
1DCB5000
heap
page read and write
337F000
stack
page read and write
B84000
heap
page read and write
33BC000
stack
page read and write
5520000
direct allocation
page read and write
274000
heap
page read and write
4631000
heap
page read and write
4631000
heap
page read and write
B84000
heap
page read and write
2970000
direct allocation
page read and write
5A9000
unkown
page execute and read and write
4DDF000
stack
page read and write
23E50000
heap
page read and write
1627000
heap
page read and write
3DDF000
stack
page read and write
2AAF000
stack
page read and write
4420000
heap
page read and write
3E4E000
stack
page read and write
1DB7D000
stack
page read and write
4C30000
direct allocation
page execute and read and write
17C4000
heap
page read and write
1DCB4000
heap
page read and write
1DCA2000
heap
page read and write
6C73F000
unkown
page readonly
4631000
heap
page read and write
17C4000
heap
page read and write
2D9F000
stack
page read and write
4631000
heap
page read and write
465F000
stack
page read and write
17C4000
heap
page read and write
17C4000
heap
page read and write
2D0000
unkown
page readonly
3570000
direct allocation
page read and write
2BEF000
stack
page read and write
4D30000
direct allocation
page execute and read and write
B84000
heap
page read and write
7FD0000
heap
page read and write
4631000
heap
page read and write
B84000
heap
page read and write
5690000
direct allocation
page execute and read and write
4D40000
direct allocation
page execute and read and write
5091000
heap
page read and write
17C4000
heap
page read and write
There are 1257 hidden memdumps, click here to show them.