IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008217001\rnd.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008231001\fb1f3ab244.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\Bijouterie\tak_deco_lib.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsIDGHDGIDAK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AFHDBGHJKFIDHJJJEBKE
ASCII text, with very long lines (1808), with CRLF line terminators
dropped
C:\ProgramData\EBKKKEGIDBGHIDGDHDBFHDAKJJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EHCAEGDH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\FBGHCGCAEBFIJKFIDBGH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\GHJDHDAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\IDGDAAKFHIEHIECAFBAAEBKFBA
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KKKJKEBKFCAAECAAAAAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\461c15a1-b00a-4f31-859b-d110a673cb7d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5f245ab7-d380-44f6-b378-cbe2a3127942.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\616a68c6-8dcd-4ee1-b36a-84e9b72a27ae.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\dba09553-eee3-4e2b-94ea-1c5c33e015b1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6740AC8D-1518.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6740AC8E-1AE0.pma
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 134217728.000000, slope 75015551881388056232440365056.000000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1331cd1a-069e-4d7a-b372-93be92022af1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\56743580-66ea-4898-b492-9f5761f32198.tmp
Unicode text, UTF-8 text, with very long lines (17421), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\60803192-f1c0-4ea7-ac71-f193efd870ed.tmp
Unicode text, UTF-8 text, with very long lines (17256), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\75f9051c-2473-4d7d-928f-3aed8fd3a1f6.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7fe1a664-04b3-48b6-8e3a-2102f625c5cd.tmp
Unicode text, UTF-8 text, with very long lines (17421), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8d40d2bf-15ce-4c85-be9e-83656c29a994.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\412d2b60-c3b3-4aba-80e9-87fb8fbd0b3d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\53739503-4360-4f38-a9f9-90fcbd8ace46.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5ef179f2-f163-49eb-a429-ddb2a223ca99.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2a30c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2bd6a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c5f20540-2857-46be-b39b-beb9578d4ff9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d1e031f3-668e-488d-a774-b09921bdca17.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2ec1b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF32c9f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3a1ee.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2deae.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3229c.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376765328853640
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\088dbb62-bf1f-4ce6-9e04-94c8bbd255a5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2bd7a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\fc03fe70-b1a8-47d6-9a4f-0440864eec6f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\fcb0d368-63c2-461d-8919-6b75164ec649.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b0557d0f-9f46-470c-816d-97299e6227c9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b7902186-5005-4d48-89b9-932c9635c706.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d1caae6d-1569-4451-b24a-3db9f859e030.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28f26.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28f36.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF290eb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b7fb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2f5fe.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a1bf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c8cf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fd5c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a13e9199-accf-43b2-ab66-e81724d687de.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b978d3da-a45c-4375-abd7-9fb282186f33.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\cde44e74-bae9-46fe-a7c3-30ccf4e0707a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d38c6110-aa64-4923-9705-0af370d3e42c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d9a4edbd-ee10-4edd-9455-1746fd92f0a4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f31e8390-bea7-4fc9-81ff-cf93ec2fb649.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Tokenuserer\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Tokenuserer\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Tokenuserer\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\rnd[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\0fb357af-c525-4bac-88b9-5d668ddfc6b8.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\2ce420b7-8ed0-41c9-8b18-b0636e898e9c.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\3ec7f2ca-bce4-4e7d-bfe2-5e3e93b39d92.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\6dea31ce-0552-4263-8291-eb49cd934e91.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\Bijouterie\fgq
data
dropped
C:\Users\user\AppData\Local\Temp\Bijouterie\ymv
data
dropped
C:\Users\user\AppData\Local\Temp\cc02452a-f582-436d-93ad-feacde958d4f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cd491016-80b8-42ae-8ca6-071f9ce736ed.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\dcad88a3-7ba4-49f9-bef0-deba4741f7db.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\3ec7f2ca-bce4-4e7d-bfe2-5e3e93b39d92.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6880_2012062272\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Windows\Tasks\skotes.job
data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2080,i,18242314153072897791,5523460126860221555,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2380,i,15895540208041940085,12511833201022013577,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2012,i,10376800940862538965,2285784219331554161,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6424 --field-trial-handle=2012,i,10376800940862538965,2285784219331554161,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6872 --field-trial-handle=2012,i,10376800940862538965,2285784219331554161,262144 /prefetch:8
malicious
C:\Users\user\DocumentsIDGHDGIDAK.exe
"C:\Users\user\DocumentsIDGHDGIDAK.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceuserer --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6492 --field-trial-handle=2012,i,10376800940862538965,2285784219331554161,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsIDGHDGIDAK.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\Temp\1008217001\rnd.exe
"C:\Users\user\AppData\Local\Temp\1008217001\rnd.exe"
C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe
"C:\Users\user\AppData\Local\Temp\Bijouterie\Mp3tag.exe"

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197836
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197836
WindowTabManagerFileMappingId

Memdumps

Base Address
Regiontype
Protect
Malicious
4761000
heap
page read and write
35AF000
stack
page read and write
181F000
stack
page read and write
14A4000
heap
page read and write
326E000
stack
page read and write
14A4000
heap
page read and write
1D751000
heap
page read and write
61EB4000
direct allocation
page read and write
398F000
stack
page read and write
4761000
heap
page read and write
14A4000
heap
page read and write
322F000
stack
page read and write
5450000
direct allocation
page execute and read and write
7FF685115000
unkown
page readonly
A50000
unkown
page read and write
23A00000
trusted library allocation
page read and write
4C71000
heap
page read and write
1354000
heap
page read and write
3080000
direct allocation
page read and write
A30000
heap
page read and write
3040000
direct allocation
page read and write
1D760000
heap
page read and write
4761000
heap
page read and write
4DD1000
heap
page read and write
3080000
direct allocation
page read and write
14A4000
heap
page read and write
476F000
stack
page read and write
14A4000
heap
page read and write
47AE000
stack
page read and write
4761000
heap
page read and write
7FF685114000
unkown
page read and write
4DC1000
heap
page read and write
140C10000
unkown
page readonly
402E000
stack
page read and write
21892F6B000
heap
page read and write
16C1000
heap
page read and write
16C0000
heap
page read and write
4761000
heap
page read and write
1D840000
trusted library allocation
page read and write
4C71000
heap
page read and write
14A4000
heap
page read and write
140001000
unkown
page execute read
48AF000
stack
page read and write
4DA0000
heap
page read and write
883C000
stack
page read and write
1D746000
heap
page read and write
53E0000
direct allocation
page execute and read and write
21892F81000
heap
page read and write
4C71000
heap
page read and write
39AE000
stack
page read and write
4C6F000
stack
page read and write
7E0000
heap
page read and write
4D9F000
stack
page read and write
301E000
stack
page read and write
4C5F000
stack
page read and write
2A9E0000
heap
page read and write
5136000
direct allocation
page read and write
1D751000
heap
page read and write
1D72F000
heap
page read and write
4761000
heap
page read and write
D4E000
unkown
page execute and read and write
2189304A000
trusted library allocation
page read and write
1D76B000
heap
page read and write
2E8E000
stack
page read and write
1D747000
heap
page read and write
43EE000
stack
page read and write
2A90000
heap
page read and write
5250000
direct allocation
page read and write
4E0000
heap
page read and write
14A4000
heap
page read and write
3C5E000
stack
page read and write
4F0B000
stack
page read and write
1D72B000
heap
page read and write
5440000
direct allocation
page execute and read and write
4DC0000
direct allocation
page read and write
38AE000
stack
page read and write
1D751000
heap
page read and write
1D08E000
stack
page read and write
4BF0000
direct allocation
page read and write
4C71000
heap
page read and write
4DD0000
direct allocation
page execute and read and write
16D2000
heap
page read and write
4C71000
heap
page read and write
E70000
unkown
page execute and write copy
6CBD1000
unkown
page execute read
7FF6850A1000
unkown
page execute read
472F000
stack
page read and write
1D04F000
stack
page read and write
6CE55000
unkown
page readonly
4DC0000
direct allocation
page read and write
372E000
stack
page read and write
311E000
stack
page read and write
1D755000
heap
page read and write
21892F7A000
heap
page read and write
4761000
heap
page read and write
162E000
heap
page read and write
3AEF000
stack
page read and write
465E000
stack
page read and write
2ACD000
heap
page read and write
4C71000
heap
page read and write
4DC0000
direct allocation
page read and write
4D80000
direct allocation
page execute and read and write
9A4000
heap
page read and write
34AF000
stack
page read and write
54B0000
direct allocation
page execute and read and write
1572000
heap
page read and write
974000
direct allocation
page read and write
ABB000
unkown
page execute and read and write
5C5C000
stack
page read and write
9A0000
heap
page read and write
2E6E000
stack
page read and write
A51000
unkown
page execute and write copy
23C1A000
heap
page read and write
1D76E000
heap
page read and write
14A4000
heap
page read and write
2385F000
heap
page read and write
2395A000
heap
page read and write
14A4000
heap
page read and write
4C71000
heap
page read and write
D2A000
unkown
page execute and read and write
2FC0000
direct allocation
page read and write
4C71000
heap
page read and write
4EB1000
heap
page read and write
50F0000
direct allocation
page read and write
167E000
heap
page read and write
1D755000
heap
page read and write
412F000
stack
page read and write
452E000
stack
page read and write
412E000
stack
page read and write
14A4000
heap
page read and write
2FB0000
heap
page read and write
14A4000
heap
page read and write
3080000
direct allocation
page read and write
D60000
unkown
page execute and read and write
4761000
heap
page read and write
14A4000
heap
page read and write
4C71000
heap
page read and write
7FF6850E5000
unkown
page read and write
1D751000
heap
page read and write
51B000
heap
page read and write
2FC0000
direct allocation
page read and write
21892EB0000
heap
page read and write
14A4000
heap
page read and write
14A0000
heap
page read and write
14A4000
heap
page read and write
1D76E000
heap
page read and write
14A4000
heap
page read and write
14A4000
heap
page read and write
4750000
direct allocation
page read and write
FAC000
stack
page read and write
4D70000
direct allocation
page execute and read and write
14A4000
heap
page read and write
4761000
heap
page read and write
3DAE000
stack
page read and write
429E000
stack
page read and write
1D751000
heap
page read and write
518E000
stack
page read and write
4C70000
heap
page read and write
386F000
stack
page read and write
6CE0F000
unkown
page readonly
1D749000
heap
page read and write
1324000
unkown
page execute and read and write
D6F000
unkown
page execute and write copy
4E00000
direct allocation
page execute and read and write
7FF6850CE000
unkown
page readonly
14A4000
heap
page read and write
1D755000
heap
page read and write
4761000
heap
page read and write
1409F1000
unkown
page write copy
14A4000
heap
page read and write
21894D54000
heap
page read and write
396F000
stack
page read and write
140BA0000
unkown
page readonly
545000
heap
page read and write
5470000
direct allocation
page execute and read and write
538F000
stack
page read and write
335F000
stack
page read and write
339E000
stack
page read and write
4C71000
heap
page read and write
BB9000
unkown
page write copy
AB2000
unkown
page execute and read and write
4D40000
direct allocation
page execute and read and write
4B6E000
stack
page read and write
4DAE000
stack
page read and write
3B2E000
stack
page read and write
2BD6000
heap
page read and write
3080000
direct allocation
page read and write
7FF685118000
unkown
page write copy
39DE000
stack
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
A2F000
stack
page read and write
1D751000
heap
page read and write
590000
heap
page read and write
2165000
heap
page read and write
53F0000
direct allocation
page execute and read and write
14A4000
heap
page read and write
1672000
heap
page read and write
1350000
heap
page read and write
1D74B000
heap
page read and write
4C71000
heap
page read and write
6720000
heap
page read and write
16EB000
heap
page read and write
3FEF000
stack
page read and write
4761000
heap
page read and write
489F000
stack
page read and write
3D6F000
stack
page read and write
D55000
unkown
page execute and read and write
16E8000
heap
page read and write
5328CFE000
stack
page read and write
E60000
unkown
page execute and read and write
4C71000
heap
page read and write
1683000
heap
page read and write
167E000
heap
page read and write
61E00000
direct allocation
page execute and read and write
464E000
stack
page read and write
4C71000
heap
page read and write
1460000
heap
page read and write
14A4000
heap
page read and write
190000
heap
page read and write
4B5E000
stack
page read and write
14A4000
heap
page read and write
14A4000
heap
page read and write
23A6E000
stack
page read and write
53E0000
direct allocation
page execute and read and write
61ECC000
direct allocation
page read and write
6CC62000
unkown
page readonly
3040000
direct allocation
page read and write
1174000
unkown
page execute and read and write
316E000
stack
page read and write
5280000
direct allocation
page execute and read and write
3C4E000
stack
page read and write
14A4000
heap
page read and write
D70000
unkown
page execute and write copy
3060000
heap
page read and write
14A4000
heap
page read and write
167E000
heap
page read and write
53B0000
direct allocation
page execute and read and write
43DE000
stack
page read and write
1D47D000
stack
page read and write
14A4000
heap
page read and write
5B5B000
stack
page read and write
1D737000
heap
page read and write
3EDE000
stack
page read and write
3FEF000
stack
page read and write
4D70000
direct allocation
page execute and read and write
410F000
stack
page read and write
307E000
stack
page read and write
4EB1000
heap
page read and write
83F000
unkown
page read and write
5260000
direct allocation
page read and write
4DC1000
heap
page read and write
4750000
direct allocation
page read and write
4C71000
heap
page read and write
2E8E000
stack
page read and write
5480000
direct allocation
page execute and read and write
2AA0000
heap
page read and write
983000
direct allocation
page read and write
14A4000
heap
page read and write
1470000
heap
page read and write
7BC000
stack
page read and write
349F000
stack
page read and write
6725000
heap
page read and write
1354000
heap
page read and write
4A2E000
stack
page read and write
2ACB000
heap
page read and write
21894E50000
trusted library allocation
page read and write
10F7000
heap
page read and write
1D76A000
heap
page read and write
853000
unkown
page readonly
23948000
heap
page read and write
4761000
heap
page read and write
4A1E000
stack
page read and write
386E000
stack
page read and write
BB2000
unkown
page execute and read and write
42AE000
stack
page read and write
61ECD000
direct allocation
page readonly
372F000
stack
page read and write
14A4000
heap
page read and write
53C0000
direct allocation
page execute and read and write
4C71000
heap
page read and write
166A000
heap
page read and write
23C23000
heap
page read and write
2FDE000
stack
page read and write
4761000
heap
page read and write
77D000
stack
page read and write
14A4000
heap
page read and write
14A4000
heap
page read and write
69AF000
stack
page read and write
D6F000
unkown
page execute and read and write
4B2F000
stack
page read and write
476F000
stack
page read and write
A50000
unkown
page readonly
21892F9E000
heap
page read and write
160E000
stack
page read and write
4C71000
heap
page read and write
426E000
stack
page read and write
21892F7D000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
1684000
heap
page read and write
3EAF000
stack
page read and write
1D751000
heap
page read and write
3040000
direct allocation
page read and write
1D737000
heap
page read and write
16E2000
heap
page read and write
1673000
heap
page read and write
16EB000
heap
page read and write
14A4000
heap
page read and write
50F0000
direct allocation
page read and write
3080000
direct allocation
page read and write
14A4000
heap
page read and write
4761000
heap
page read and write
8C10000
heap
page read and write
C4E000
unkown
page execute and read and write
312F000
stack
page read and write
239A3000
heap
page read and write
45EF000
stack
page read and write
169C000
heap
page read and write
5280000
direct allocation
page execute and read and write
16E8000
heap
page read and write
14A4000
heap
page read and write
16E4000
heap
page read and write
35EF000
stack
page read and write
1D751000
heap
page read and write
16EB000
heap
page read and write
1D760000
heap
page read and write
4C71000
heap
page read and write
4C71000
heap
page read and write
450E000
stack
page read and write
14A4000
heap
page read and write
21892F7A000
heap
page read and write
6CBD0000
unkown
page readonly
4C71000
heap
page read and write
10AE000
stack
page read and write
23900000
trusted library allocation
page read and write
4750000
direct allocation
page read and write
53285B2000
stack
page read and write
1D737000
heap
page read and write
3EEE000
stack
page read and write
4D60000
direct allocation
page execute and read and write
6CE50000
unkown
page read and write
14A5000
heap
page read and write
53289FE000
stack
page read and write
3FAF000
stack
page read and write
D6F000
unkown
page execute and read and write
4761000
heap
page read and write
475F000
stack
page read and write
55AE000
stack
page read and write
21893135000
heap
page read and write
14A4000
heap
page read and write
CA1000
unkown
page execute and write copy
3D9E000
stack
page read and write
14A4000
heap
page read and write
16FE000
heap
page read and write
14A4000
heap
page read and write
14A4000
heap
page read and write
4750000
direct allocation
page read and write
43CE000
stack
page read and write
140B87000
unkown
page readonly
B50000
unkown
page readonly
39AF000
stack
page read and write
426F000
stack
page read and write
1D6BC000
stack
page read and write
3040000
direct allocation
page read and write
5270000
direct allocation
page execute and read and write
16D2000
heap
page read and write
14A4000
heap
page read and write
14A4000
heap
page read and write
3067000
heap
page read and write
4761000
heap
page read and write
A51000
unkown
page execute and write copy
14A5000
heap
page read and write
3D5F000
stack
page read and write
528E000
stack
page read and write
23C28000
heap
page read and write
1D76E000
heap
page read and write
239B1000
heap
page read and write
14A4000
heap
page read and write
5420000
direct allocation
page execute and read and write
4DC0000
direct allocation
page read and write
B50000
unkown
page read and write
14A4000
heap
page read and write
4C71000
heap
page read and write
110E000
heap
page read and write
3040000
direct allocation
page read and write
452E000
stack
page read and write
53285C0000
stack
page read and write
32AF000
stack
page read and write
14A4000
heap
page read and write
4750000
direct allocation
page read and write
2FC0000
direct allocation
page read and write
371F000
stack
page read and write
1697000
heap
page read and write
338E000
stack
page read and write
5550000
direct allocation
page execute and read and write
3FEE000
stack
page read and write
1D76B000
heap
page read and write
1D76E000
heap
page read and write
1589000
heap
page read and write
1D766000
heap
page read and write
3EAF000
stack
page read and write
4B2F000
stack
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
4761000
heap
page read and write
53D0000
direct allocation
page execute and read and write
12FD000
stack
page read and write
1D74A000
heap
page read and write
16FE000
heap
page read and write
401E000
stack
page read and write
6CC70000
unkown
page readonly
10E0000
heap
page read and write
33AF000
stack
page read and write
4C9E000
stack
page read and write
531E000
stack
page read and write
7FF6850DE000
unkown
page write copy
991000
direct allocation
page read and write
14A4000
heap
page read and write
54B0000
direct allocation
page execute and read and write
4D70000
direct allocation
page execute and read and write
462E000
stack
page read and write
53E0000
direct allocation
page execute and read and write
4761000
heap
page read and write
3AEE000
stack
page read and write
1D751000
heap
page read and write
A50000
unkown
page read and write
B20000
heap
page read and write
16D4000
heap
page read and write
4C71000
heap
page read and write
14A4000
heap
page read and write
39EE000
stack
page read and write
14A4000
heap
page read and write
34EE000
stack
page read and write
389E000
stack
page read and write
52B0000
direct allocation
page execute and read and write
7261000
heap
page read and write
14A4000
heap
page read and write
D6F000
unkown
page execute and write copy
140000000
unkown
page readonly
4761000
heap
page read and write
14A4000
heap
page read and write
61ED0000
direct allocation
page read and write
16DC000
heap
page read and write