IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008198001\f3f60a7f50.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008203001\d6d730409e.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsIJEGDBGDBF.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AFBFHDBK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\DAECFIJD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DAECFIJDAAAKECBFCGHI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\ECAKKKKJDBKKFIEBKEHD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\FHIIEHJKKECGCBFIIJDAKFHJKJ
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\HDAKJDHIEBFIIDGDGDBA
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\IDGDAAKFHIEHIECAFBAAEBKFBA
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\04c2bd82-0186-45d2-aef6-f91732404309.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\06a0b901-0d07-4b62-920c-4081eab12cab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\25a4a503-02b4-4c86-9ac4-3e98e52c1dc2.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6f23463d-41b1-4bfd-acb4-ce4ca8424c20.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7b82212e-74c4-42c9-b6cc-e4a205c29e2a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8cb16e79-b9d6-492d-93d8-fb9441f22ff6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\5c489df8-e4f1-42d9-88fa-f6e390d7aa6a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67408A8D-162C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0ae941cd-b903-40b6-bd49-3015cc378033.tmp
Unicode text, UTF-8 text, with very long lines (17591), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\140bfc88-bd6d-4573-aac6-c011a6ec5e10.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1cb64004-7277-4a26-895d-59e35c599801.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\20a97ce4-5b42-4171-91df-ab504e3524eb.tmp
Unicode text, UTF-8 text, with very long lines (17591), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\293f8228-c09a-473e-b764-3d97a70cb527.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2b260abd-291c-4bc3-912c-112ce84c9eae.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\553d0f4c-b5e5-477f-86a9-f90ba56944c7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5c022332-5098-4165-881b-41b0756d4c95.tmp
Unicode text, UTF-8 text, with very long lines (16648), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7e8fd37f-d08e-4753-baa2-95c0ea94aa08.tmp
Unicode text, UTF-8 text, with very long lines (17426), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\130300aa-4953-4d04-a82e-890fe5de8760.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\49ad6695-e75d-4c23-bf1e-f7d456fd8d73.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4bea4d2b-7b69-4207-8d8c-bcc4d2c30d9d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4ea4d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3d95a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ee68.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bf7290cd-1c5f-4508-81ed-01181841ed8e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d23d4950-7d11-44de-bdcd-d018efaebf58.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f978d96e-ad51-43cf-a0dd-e3b2c5edeea1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF423e0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44c67.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF47f2f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4d8a9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF41569.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF46221.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF46fcd.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376756624663017
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2b7d8c4e-ab7b-4797-899a-4054fb5dacfe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4e307321-9b2d-42cd-a714-8789da4b48e5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7e18c17c-f0d6-44d5-acec-9230fff75b3d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3ee68.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ed11e8f6-e817-41e7-a5fc-a2d5bb81e9cb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e41ddfc0-b344-4964-967c-400f6f4520fe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\edfaaec6-bb45-457c-b634-512fc7ddc3af.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c39f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c3af.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c777.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ee59.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43d34.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4d87a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF53679.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bc578dc7-6ec4-4feb-ba2b-766b3ac56c6c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e56eda3f-71ab-4e7a-9101-e12e316ca3f8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\00ee9ca1-edd9-4803-809f-870476d8fc49.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\12ea3d54-05a9-4c00-b05a-1b3e351d378c.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\6024b71c-0bf8-4bbc-b850-61b5a221c585.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\8efcb272-60e8-4997-ab0e-4d608bfea94b.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\ab6c55b3-560e-4ca1-930b-665e7ad00b42.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\cdb23370-83d8-438c-9074-a605a1f8f992.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\e7e698c7-aa91-4b71-b1f7-a35195596bfb.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_1043462006\00ee9ca1-edd9-4803-809f-870476d8fc49.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_1043462006\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_1043462006\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_1043462006\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_1043462006\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\8efcb272-60e8-4997-ab0e-4d608bfea94b.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5676_175156040\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 306
ASCII text, with very long lines (3254)
downloaded
Chrome Cache Entry: 307
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 308
ASCII text
downloaded
Chrome Cache Entry: 309
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 310
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 311
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2160,i,13596938817302941313,5679864875784056474,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=2292,i,12221188568326329840,15947637541635957062,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2560,i,9450311379047027983,9690926915239473463,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6448 --field-trial-handle=2560,i,9450311379047027983,9690926915239473463,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6396 --field-trial-handle=2560,i,9450311379047027983,9690926915239473463,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7132 --field-trial-handle=2560,i,9450311379047027983,9690926915239473463,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7132 --field-trial-handle=2560,i,9450311379047027983,9690926915239473463,262144 /prefetch:8
malicious
C:\Users\user\DocumentsIJEGDBGDBF.exe
"C:\Users\user\DocumentsIJEGDBGDBF.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6856 --field-trial-handle=2560,i,9450311379047027983,9690926915239473463,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1008198001\f3f60a7f50.exe
"C:\Users\user\AppData\Local\Temp\1008198001\f3f60a7f50.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsIJEGDBGDBF.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
http://185.215.113.16/luma/random.exe2g
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
http://31.41.244.11/files/random.exeurlencodedy
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://docs.google.com/
unknown
https://sb.scorecardresearch.com/b2?rn=1732283037067&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0AFE249FEBCF639338DA31A0EAE662C3&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.164.116.57
https://curl.se/docs/hsts.html
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
http://185.215.113.16/luma/random.exe-3693405117-Ke
unknown
https://drive.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.100
http://185.215.113.206/68b591d6548ec281/mozglue.dllA
unknown
https://unitedstates4.ss.wd.microsoft.us/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://drive-daily-4.corp.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dlle
unknown
http://185.215.113.16/luma/random.exeS
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://curl.se/docs/alt-svc.html
unknown
http://185.215.113.16/fac00b58987e8e7e7b9ca30804042ba5ce90241
unknown
https://ace-snapper-privately.ngrok-free.app/test/testFailed
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
http://185.215.113.16/luma/random.exeF
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://sb.scorecardresearch.com/b?rn=1732283037067&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0AFE249FEBCF639338DA31A0EAE662C3&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.164.116.57
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732283046679&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.7
https://chromewebstore.google.com/
unknown
http://185.215.113.16/luma/random.exe2
unknown
http://185.215.113.16/luma/random.exe0
unknown
https://drive-preprod.corp.google.com/
unknown
https://msn.comXIDv10
unknown
http://185.215.113.16/1
unknown
http://31.41.244.11/files/random.exe
unknown
https://chrome.google.com/webstore/
unknown
http://185.215.113.206/c4becf79229cb002.phpN
unknown
http://185.215.113.16/mine/random.exex
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
34.116.198.130
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347U
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
http://html4/loose.dtd
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
http://185.215.113.206/c4becf79229cb002.phpZ
unknown
http://185.215.113.43/Zu7JuNko/index.phpY
unknown
https://c.msn.com/c.gif?rnd=1732283037066&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e86e0d66dc7146a5907dace5bc002599&activityId=e86e0d66dc7146a5907dace5bc002599&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.110.205.119
http://185.215.113.16/luma/random.exex
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
http://185.215.113.206/c4becf79229cb002.phpf
unknown
http://185.215.113.16/luma/random.exe008203001
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
http://185.215.113.206/68b591d6548ec281/msvcp140.dll3
unknown
http://185.215.113.16/mine/random.exeT
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
http://.css
unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
http://185.215.113.16/luma/random.exe
unknown
https://ntp.msn.com
unknown
http://185.215.113.43/Zu7JuNko/index.phpO
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732283037064&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.7
https://drive-staging.corp.google.com/
unknown
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347libgcc_s_dw2-1.dll__register_frame_info__der
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.16/luma/random.exec61395d7f
unknown
http://185.215.113.206/c4becf79229cb002.phpplorerFPS_BROWSERM
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206
http://185.215.113.16/luma/random.exeo
unknown
http://185.215.113.16/luma/random.exen
unknown
https://apis.google.com
unknown
https://ntp.msn.com/
unknown
http://.jpg
unknown
http://www.sqlite.org/copyright.html.
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
unknown
https://ntp.msn.com/ntp.msn.com_default
unknown
http://31.41.244.11/files/random.exe506238476
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://curl.se/docs/http-cookies.html
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dll
185.215.113.206
https://drive-autopush.corp.google.com/
unknown

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
162.159.61.3
home.fvtekk5pn.top
34.116.198.130
plus.l.google.com
172.217.17.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.106
www.google.com
142.250.181.100
s-part-0035.t-0009.t-msedge.net
13.107.246.63
googlehosted.l.googleusercontent.com
172.217.19.225
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.40
unknown
United States
18.165.220.106
sb.scorecardresearch.com
United States
20.189.173.7
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
20.110.205.119
unknown
United States
23.44.203.89
unknown
United States
172.217.17.78
plus.l.google.com
United States
23.200.88.22
unknown
United States
185.215.113.16
unknown
Portugal
239.255.255.250
unknown
Reserved
23.44.203.91
unknown
United States
127.0.0.1
unknown
unknown
152.195.19.97
unknown
United States
18.164.116.57
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
unknown
United States
31.41.244.11
unknown
Russian Federation
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
104.117.182.73
unknown
United States
142.250.181.100
www.google.com
United States
34.116.198.130
home.fvtekk5pn.top
United States
23.101.168.44
unknown
United States
23.44.203.77
unknown
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197720
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197720
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197720
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197720
WindowTabManagerFileMappingId

Memdumps

BF4000
heap
page read and write
4DB1000
heap
page read and write
E84000
unkown
page execute and read and write
BF4000
heap
page read and write
7040000
direct allocation
page execute and read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
DFE000
stack
page read and write
BF4000
heap
page read and write
42DF000
stack
page read and write
5E0000
heap
page read and write
23CC0000
trusted library allocation
page read and write
871B000
stack
page read and write
E70000
direct allocation
page read and write
6DC0000
direct allocation
page read and write
3C5E000
stack
page read and write
E5D000
unkown
page execute and read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
90C000
stack
page read and write
4DB1000
heap
page read and write
11E0000
heap
page read and write
BF4000
heap
page read and write
2E9E000
stack
page read and write
35DF000
stack
page read and write
2C9E000
stack
page read and write
4DB1000
heap
page read and write
2DFE000
stack
page read and write
BF4000
heap
page read and write
28A0000
direct allocation
page read and write
BF4000
heap
page read and write
E94000
heap
page read and write
6DC0000
direct allocation
page read and write
1D31D000
stack
page read and write
6C950000
unkown
page readonly
6921000
heap
page read and write
BF4000
heap
page read and write
5B9F000
stack
page read and write
23AC3000
heap
page read and write
170E000
stack
page read and write
BF4000
heap
page read and write
339E000
stack
page read and write
455E000
stack
page read and write
34DE000
stack
page read and write
4DB1000
heap
page read and write
7040000
direct allocation
page execute and read and write
BF4000
heap
page read and write
1D8B2000
heap
page read and write
6DFE000
stack
page read and write
BF4000
heap
page read and write
1D8C0000
heap
page read and write
325E000
stack
page read and write
15A4000
heap
page read and write
518E000
stack
page read and write
367F000
stack
page read and write
4EC0000
direct allocation
page execute and read and write
970000
heap
page read and write
553C000
stack
page read and write
BF4000
heap
page read and write
74C9000
direct allocation
page read and write
2FDE000
stack
page read and write
6CBCE000
unkown
page read and write
4F0E000
stack
page read and write
433E000
stack
page read and write
4761000
heap
page read and write
BF4000
heap
page read and write
6FFF000
stack
page read and write
BF4000
heap
page read and write
E94000
heap
page read and write
66E0000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
FF0000
heap
page read and write
5240000
direct allocation
page read and write
4DB1000
heap
page read and write
343E000
stack
page read and write
1D8BA000
heap
page read and write
65B000
unkown
page execute and write copy
BF4000
heap
page read and write
7F3000
unkown
page execute and read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
71B9000
heap
page read and write
70A0000
direct allocation
page execute and read and write
2A3E000
stack
page read and write
1D897000
heap
page read and write
41FE000
stack
page read and write
4DB1000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
6A20000
heap
page read and write
BF4000
heap
page read and write
4C90000
direct allocation
page execute and read and write
52FE000
stack
page read and write
FDB000
stack
page read and write
2B00000
direct allocation
page execute and read and write
1D87D000
heap
page read and write
4761000
heap
page read and write
E94000
heap
page read and write
2B00000
direct allocation
page execute and read and write
150E000
stack
page read and write
1137000
stack
page read and write
BF4000
heap
page read and write
1010000
heap
page read and write
1D882000
heap
page read and write
6420000
heap
page read and write
1D889000
heap
page read and write
4E80000
direct allocation
page execute and read and write
BF4000
heap
page read and write
6921000
heap
page read and write
1D8A8000
heap
page read and write
1D8A2000
heap
page read and write
4761000
heap
page read and write
311E000
stack
page read and write
461F000
stack
page read and write
4CAE000
stack
page read and write
BF4000
heap
page read and write
4E5E000
stack
page read and write
691F000
stack
page read and write
4820000
heap
page read and write
4DB1000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
4E60000
direct allocation
page execute and read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
3BB000
unkown
page execute and read and write
145D000
stack
page read and write
E8C000
heap
page read and write
E94000
heap
page read and write
2D1F000
stack
page read and write
71B0000
heap
page read and write
4764000
heap
page read and write
6921000
heap
page read and write
4761000
heap
page read and write
6921000
heap
page read and write
3A3F000
stack
page read and write
1D8A5000
heap
page read and write
BF4000
heap
page read and write
1580000
heap
page read and write
53A0000
direct allocation
page execute and read and write
369E000
stack
page read and write
1D8A5000
heap
page read and write
65C000
stack
page read and write
357E000
stack
page read and write
6CBD0000
unkown
page read and write
649F000
stack
page read and write
BF4000
heap
page read and write
E9B000
unkown
page execute and write copy
BF4000
heap
page read and write
BF4000
heap
page read and write
165E000
heap
page read and write
61ED4000
direct allocation
page readonly
3480000
direct allocation
page read and write
46A1000
heap
page read and write
4761000
heap
page read and write
4E30000
direct allocation
page execute and read and write
3480000
direct allocation
page read and write
4DEF000
stack
page read and write
4DB1000
heap
page read and write
DBD000
unkown
page execute and read and write
1D8A5000
heap
page read and write
BF4000
heap
page read and write
4DB1000
heap
page read and write
571F000
stack
page read and write
23B50000
trusted library allocation
page read and write
3BBE000
stack
page read and write
1D8A5000
heap
page read and write
BF4000
heap
page read and write
4DC0000
heap
page read and write
EA9000
heap
page read and write
E94000
heap
page read and write
385F000
stack
page read and write
1D88B000
heap
page read and write
BF5000
heap
page read and write
35EF000
stack
page read and write
BF4000
heap
page read and write
419F000
stack
page read and write
7100000
direct allocation
page execute and read and write
3C2F000
stack
page read and write
4DB1000
heap
page read and write
6921000
heap
page read and write
4761000
heap
page read and write
3A5E000
stack
page read and write
B4B000
unkown
page execute and write copy
BF4000
heap
page read and write
E94000
heap
page read and write
BF4000
heap
page read and write
4D10000
direct allocation
page execute and read and write
7C0000
heap
page read and write
4DB0000
direct allocation
page execute and read and write
504D000
stack
page read and write
6921000
heap
page read and write
4DB1000
heap
page read and write
389F000
stack
page read and write
E94000
heap
page read and write
BF4000
heap
page read and write
117E000
stack
page read and write
23AE3000
heap
page read and write
E94000
heap
page read and write
1D8C0000
heap
page read and write
4E40000
direct allocation
page execute and read and write
46AA000
heap
page read and write
46BF000
stack
page read and write
644000
unkown
page execute and read and write
2A820000
heap
page read and write
6921000
heap
page read and write
4E30000
direct allocation
page execute and read and write
BF5000
heap
page read and write
475F000
stack
page read and write
3480000
direct allocation
page read and write
23B2C000
heap
page read and write
BF4000
heap
page read and write
5F75000
heap
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
23A40000
heap
page read and write
CE6000
unkown
page execute and read and write
349F000
stack
page read and write
29FF000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
E81000
heap
page read and write
2EDF000
stack
page read and write
4761000
heap
page read and write
4760000
heap
page read and write
70F0000
direct allocation
page execute and read and write
1D89E000
heap
page read and write
BF4000
heap
page read and write
455F000
stack
page read and write
2B00000
direct allocation
page execute and read and write
1D8C0000
heap
page read and write
6C951000
unkown
page execute read
3C1F000
stack
page read and write
BF4000
heap
page read and write
4860000
trusted library allocation
page read and write
4DB1000
heap
page read and write
1D89D000
heap
page read and write
F8A000
unkown
page execute and write copy
5F6E000
stack
page read and write
BF4000
heap
page read and write
4D11000
direct allocation
page read and write
11F0000
direct allocation
page read and write
1710000
heap
page read and write
BF4000
heap
page read and write
1D89C000
heap
page read and write
1D881000
heap
page read and write
BFC000
unkown
page execute and read and write
466E000
stack
page read and write
9B0000
unkown
page readonly
BF4000
heap
page read and write
4D50000
direct allocation
page execute and read and write
E80000
heap
page read and write
B4A000
unkown
page execute and write copy
23B40000
trusted library allocation
page read and write
6921000
heap
page read and write
4DB1000
heap
page read and write
BF5000
heap
page read and write
6921000
heap
page read and write
BF4000
heap
page read and write
153B000
heap
page read and write
445E000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
43DE000
stack
page read and write
451F000
stack
page read and write
32AF000
stack
page read and write
E91000
heap
page read and write
61ECC000
direct allocation
page read and write
BF4000
heap
page read and write
1D8B2000
heap
page read and write
7090000
direct allocation
page execute and read and write
39EE000
stack
page read and write
1D882000
heap
page read and write
1D88B000
heap
page read and write
6921000
heap
page read and write
E60000
heap
page read and write
4761000
heap
page read and write
7060000
direct allocation
page execute and read and write
23D5E000
heap
page read and write
447E000
stack
page read and write
4DB1000
heap
page read and write
4DB1000
heap
page read and write
1D88D000
heap
page read and write
37BF000
stack
page read and write
BF4000
heap
page read and write
3B9000
unkown
page write copy
479E000
stack
page read and write
E94000
heap
page read and write
4E00000
direct allocation
page execute and read and write
4761000
heap
page read and write
451E000
stack
page read and write
4C99000
stack
page read and write
3ADF000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
8A9000
unkown
page write copy
15A4000
heap
page read and write
BF5000
heap
page read and write
FBF000
stack
page read and write
1D8C0000
heap
page read and write
165A000
heap
page read and write
44DF000
stack
page read and write
1D89A000
heap
page read and write
6921000
heap
page read and write
40BE000
stack
page read and write
7040000
direct allocation
page execute and read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
E10000
heap
page read and write
28C0000
direct allocation
page read and write
4E30000
direct allocation
page execute and read and write
4761000
heap
page read and write
BF4000
heap
page read and write
4DB1000
heap
page read and write
E94000
heap
page read and write
46A1000
heap
page read and write
2B3F000
stack
page read and write
4DAF000
stack
page read and write
4A2E000
stack
page read and write
1D8A5000
heap
page read and write
347E000
stack
page read and write
1D99F000
heap
page read and write
7040000
direct allocation
page execute and read and write
830000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
1D8A5000
heap
page read and write
7040000
direct allocation
page execute and read and write
7010000
direct allocation
page execute and read and write
BF4000
heap
page read and write
E9C000
unkown
page execute and write copy
4D70000
direct allocation
page execute and read and write
28E0000
direct allocation
page read and write
5F2B000
stack
page read and write
8A2000
unkown
page execute and read and write
1D8A5000
heap
page read and write
BF4000
heap
page read and write
46A1000
heap
page read and write
28F0000
heap
page read and write
52DE000
stack
page read and write
B4A000
unkown
page execute and read and write
4761000
heap
page read and write
329F000
stack
page read and write
4DB1000
heap
page read and write
41BF000
stack
page read and write
6921000
heap
page read and write
BF4000
heap
page read and write
E70000
direct allocation
page read and write
BF4000
heap
page read and write
28E0000
direct allocation
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
6921000
heap
page read and write
28A0000
direct allocation
page read and write
7080000
direct allocation
page execute and read and write
E94000
heap
page read and write
2F9F000
stack
page read and write
4761000
heap
page read and write
4DB1000
heap
page read and write
FE0000
direct allocation
page read and write
3480000
direct allocation
page read and write
4800000
heap
page read and write
BF4000
heap
page read and write
64C000
unkown
page execute and read and write
34EE000
stack
page read and write
168E000
stack
page read and write
1D8A4000
heap
page read and write
31AF000
stack
page read and write
4CA0000
direct allocation
page execute and read and write
2A80B000
stack
page read and write
1059000
heap
page read and write
4761000
heap
page read and write
285E000
stack
page read and write
BF4000
heap
page read and write
190E000
stack
page read and write
BF4000
heap
page read and write
4C1E000
stack
page read and write
1D8A5000
heap
page read and write
4E90000
direct allocation
page execute and read and write
2EFF000
stack
page read and write
4761000
heap
page read and write
4D00000
direct allocation
page execute and read and write
37DE000
stack
page read and write
6CBCF000
unkown
page write copy
4E30000
direct allocation
page execute and read and write
4761000
heap
page read and write
4DB1000
heap
page read and write
3E1E000
stack
page read and write
BF4000
heap
page read and write
538F000
stack
page read and write
393E000
stack
page read and write
3C6E000
stack
page read and write
62BF000
stack
page read and write
1D8B2000
heap
page read and write
4C5F000
stack
page read and write
BF4000
heap
page read and write
4B5E000
stack
page read and write
4761000
heap
page read and write
BF4000
heap
page read and write
28E0000
direct allocation
page read and write
4761000
heap
page read and write
6921000
heap
page read and write
53FF000
stack
page read and write
1795000
heap
page read and write
E94000
heap
page read and write
3A9F000
stack
page read and write
4DB1000
heap
page read and write
33DF000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
343E000
stack
page read and write
66C0000
heap
page read and write
BF5000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
1D1DE000
stack
page read and write
E94000
heap
page read and write
E6F000
heap
page read and write
B3C000
unkown
page execute and read and write
11F0000
direct allocation
page read and write
E94000
heap
page read and write
529F000
stack
page read and write
4C6F000
stack
page read and write
11F0000
direct allocation
page read and write
BF5000
heap
page read and write
28E0000
direct allocation
page read and write
BF4000
heap
page read and write
15A4000
heap
page read and write
4D80000
direct allocation
page execute and read and write
E94000
heap
page read and write
11F0000
direct allocation
page read and write
734E000
heap
page read and write
BFA000
unkown
page write copy
9E7000
unkown
page execute and read and write
4761000
heap
page read and write
15A4000
heap
page read and write
7F5000
unkown
page execute and write copy
4CD0000
direct allocation
page execute and read and write
BF4000
heap
page read and write
FFE000
stack
page read and write
38AE000
stack
page read and write
11F0000
direct allocation
page read and write
499F000
stack
page read and write
4C90000
direct allocation
page execute and read and write
6921000
heap
page read and write
28E0000
direct allocation
page read and write
409F000
stack
page read and write
DB6000
unkown
page execute and read and write
4761000
heap
page read and write
BF4000
heap
page read and write
1D89C000
heap
page read and write
2B10000
heap
page read and write
4D20000
direct allocation
page execute and read and write
E94000
heap
page read and write
4761000
heap
page read and write
28E0000
direct allocation
page read and write
DC0000
heap
page read and write
3F1F000
stack
page read and write
63FF000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
BF4000
heap
page read and write
E70000
direct allocation
page read and write
4761000
heap
page read and write
10A1000
heap
page read and write
4C90000
direct allocation
page execute and read and write
1D8C0000
heap
page read and write
23AA1000
heap
page read and write
6921000
heap
page read and write
BF4000
heap
page read and write
A3A000
unkown
page execute and read and write
E70000
direct allocation
page read and write
BF4000
heap
page read and write
E94000
heap
page read and write
1B4F000
stack
page read and write
3CDE000
stack
page read and write
66DF000
stack
page read and write
1580000
heap
page read and write
E70000
direct allocation
page read and write
E8F000
heap
page read and write
4761000
heap
page read and write
6921000
heap
page read and write
5C7C000
stack
page read and write
1D58F000
stack
page read and write
6C9F0000
unkown
page readonly
39DE000
stack
page read and write
BF5000
heap
page read and write
3B5F000
stack
page read and write
BF4000
heap
page read and write
1D8C0000
heap
page read and write
11F0000
direct allocation
page read and write
1D89C000
heap
page read and write
841000
unkown
page execute and write copy
BF4000
heap
page read and write
BF4000
heap
page read and write
1D8A5000
heap
page read and write
11F0000
direct allocation
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
48EE000
stack
page read and write
28E0000
direct allocation
page read and write
333E000
stack
page read and write
BF5000
heap
page read and write
4DB1000
heap
page read and write
1D990000
trusted library allocation
page read and write
64DE000
stack
page read and write
EC0000
heap
page read and write
1D8A1000
heap
page read and write
4DB1000
heap
page read and write
4761000
heap
page read and write
1D89C000
heap
page read and write
BF4000
heap
page read and write
6921000
heap
page read and write
42FF000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
321F000
stack
page read and write
3E9E000
stack
page read and write
BF4000
heap
page read and write
E94000
heap
page read and write
40DE000
stack
page read and write
65BC000
stack
page read and write
28DE000
heap
page read and write
353F000
stack
page read and write
2DDE000
stack
page read and write
23BAE000
stack
page read and write
4D20000
direct allocation
page execute and read and write
6921000
heap
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
6921000
heap
page read and write
E94000
heap
page read and write
6921000
heap
page read and write
B34000
unkown
page execute and read and write
BF4000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
BF4000
heap
page read and write
53DE000
stack
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
A7C000
unkown
page execute and read and write
BF4000
heap
page read and write
CE3000
unkown
page execute and read and write
E94000
heap
page read and write
8AB000
unkown
page execute and read and write
BF4000
heap
page read and write
4761000
heap
page read and write
4DB1000
heap
page read and write
BF4000
heap
page read and write
1D8B8000
heap
page read and write
6921000
heap
page read and write
BF4000
heap
page read and write
E94000
heap
page read and write
355E000
stack
page read and write
194F000
stack
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
A3C000
unkown
page execute and read and write
BF4000
heap
page read and write
4CB0000
direct allocation
page read and write
BF5000
heap
page read and write
330000
unkown
page readonly
BF4000
heap
page read and write
BF4000
heap
page read and write
BF5000
heap
page read and write
1D8A4000
heap
page read and write
465E000
stack
page read and write
28E0000
direct allocation
page read and write
23B03000
heap
page read and write
5240000
direct allocation
page read and write
A8B000
stack
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
4E80000
heap
page read and write
6921000
heap
page read and write
399F000
stack
page read and write
1D8A5000
heap
page read and write
8A9000
unkown
page write copy
1D8A1000
heap
page read and write
23A40000
trusted library allocation
page read and write
6921000
heap
page read and write
1778000
heap
page read and write
429E000
stack
page read and write
163E000
stack
page read and write
4DB1000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
2E5F000
stack
page read and write
BF4000
heap
page read and write
65A000
unkown
page execute and read and write
3490000
heap
page read and write
BF4000
heap
page read and write
1D5CD000
stack
page read and write
28A0000
direct allocation
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
D9E000
stack
page read and write
70B0000
direct allocation
page execute and read and write
82E000
stack
page read and write
1D89D000
heap
page read and write
28A0000
direct allocation
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
BF4000
heap
page read and write
4761000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
4DB1000
heap
page read and write
7030000
direct allocation
page execute and read and write
DCA000
heap
page read and write
4780000
heap
page read and write
BF4000
heap
page read and write
6709000
heap
page read and write
E70000
direct allocation
page read and write
1D8A5000
heap
page read and write
23B2D000
heap
page read and write
6921000
heap
page read and write
6C9CD000
unkown
page readonly
1D88B000
heap
page read and write
BF4000
heap
page read and write
BF4000
heap
page read and write
1D88B000
heap
page read and write
4761000
heap
page read and write
15A4000
heap
page read and write
1D8A2000
heap
page read and write
1D897000
heap
page read and write
E93000
heap
page read and write
4DB1000
heap
page read and write
4C90000
direct allocation
page execute and read and write
1D8C0000
heap
page read and write
543D000
stack
page read and write
E94000
heap
page read and write
48AF000
stack
page read and write
6CBD5000
unkown
page readonly
E94000
heap
page read and write
1530000
heap
page read and write
43AF000
stack
page read and write
BF4000
heap
page read and write
16B5000
heap
page read and write
BF5000
heap
page read and write
BF4000
heap
page read and write
7040000
direct allocation
page execute and read and write
4DB1000
heap
page read and write
There are 1443 hidden memdumps, click here to show them.