IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsHCAFIJDGHC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BKFBAKFC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\CAKEBFCF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\EHJDHJKFIECAAKFIJJKJKFHJKE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\FBGIDHCAAKEBAKFIIIEB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\FHIECBAFBFHIJKFIJDAK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\KJJJKFIIIJJJECAAEHDB
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\KKEHIEBKJKFIEBGDGDAAECGHDH
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\19eef773-efed-4fda-8062-a6089d486fca.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\229e8aaa-cd51-4c0c-a28a-d89c7d41670e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\25c2205f-846d-44f2-9230-f862a0db9e3b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\74dd3fd0-d2bf-4bfa-bb21-358cf1fd9ddc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\80fc5516-794b-412a-aaf8-da0753cf6fb8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8ab34f6c-e2d4-4433-b8ac-612dbb97c979.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\99bd8f0b-c426-41dd-933c-f2cbbd6ca396.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\0b00206e-8b72-426e-a691-dcf183e52932.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6741005E-14CC.pma
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 17753217332035315519916605440.000000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\23bcc94c-d659-4f7e-ad14-3910914944e9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\391c8aff-6633-4761-af81-26791721afa5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\538222ab-ad76-4f76-8c02-631c283d4fbf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\58ad9a9b-5a35-404b-9731-edd455d7d434.tmp
Unicode text, UTF-8 text, with very long lines (17340), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\86edf17d-2fa1-426a-b9a7-18d61975820a.tmp
Unicode text, UTF-8 text, with very long lines (17505), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\00bebce9-093f-4704-914a-83b228979897.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\127e8cb7-30de-492c-b97f-ec84a733e344.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\98a0268e-9d85-4a1f-b63a-ea63165e4d68.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF39079.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3a6d0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a917ed2b-1257-4739-82c9-936316494e78.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ff8de70c-fcbb-47b4-9624-38b6e9f26660.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3d86f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41828.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF48d77.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3cde0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF40d1c.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376786785330955
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3a6d0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b93719a0-dd9d-4075-9161-7591bdc82327.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\efb8317d-ddfb-44e5-81df-be7465976401.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f705071f-18cc-4a40-b27d-c2d806188f13.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a9bc8b84-ab65-40c3-91f1-e7ef09e052dc.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b73400d3-96ce-4972-9ea5-7304ab6e342e.tmp
Unicode text, UTF-8 text, with very long lines (17505), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cdaeb3c2-524d-407c-95da-02b7e02c3235.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ef3b6f94-79d4-4602-945c-70e7da77fa8b.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37a80.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37a90.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37c45.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a336.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3e83e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48d29.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4ecec.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ff4f47a3-1ddf-40f9-83bc-f7ce103520f0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\76175aed-b864-41dc-980f-9c4c9da51466.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\7adda844-4727-4608-a6ba-14e1cfa77438.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\8e645387-e094-48ab-8d57-253caa5f8a73.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\a88bdb72-ef16-413a-bcfa-3fe50b36c5a2.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\aa6ebee6-2ec5-456c-8014-307bf630f625.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\dcc0bead-4db5-47bc-bf0d-c43f46c68ee2.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\e155e8eb-d8c3-4a7d-b392-698eb5da465c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_1219239554\e155e8eb-d8c3-4a7d-b392-698eb5da465c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_283674801\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_283674801\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_283674801\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_283674801\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5324_283674801\a88bdb72-ef16-413a-bcfa-3fe50b36c5a2.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 21:06:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 21:06:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 21:06:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 21:06:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 22 21:06:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 462
ASCII text, with very long lines (803)
downloaded
Chrome Cache Entry: 463
ASCII text
downloaded
Chrome Cache Entry: 464
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 465
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 466
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=1992,i,11116449374999866052,6667238592882997596,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2108,i,16945765507413660770,14128624354131785041,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2032,i,18235995259734345165,12719707871495107265,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6732 --field-trial-handle=2032,i,18235995259734345165,12719707871495107265,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6940 --field-trial-handle=2032,i,18235995259734345165,12719707871495107265,262144 /prefetch:8
malicious
C:\Users\user\DocumentsHCAFIJDGHC.exe
"C:\Users\user\DocumentsHCAFIJDGHC.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2432 --field-trial-handle=2032,i,18235995259734345165,12719707871495107265,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsHCAFIJDGHC.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
46A1000
heap
page read and write
46A1000
heap
page read and write
AC9000
unkown
page execute and read and write
1D3BA000
heap
page read and write
3C9E000
stack
page read and write
61EB4000
direct allocation
page read and write
8A0000
direct allocation
page read and write
36DE000
stack
page read and write
F90000
heap
page read and write
1444000
heap
page read and write
41DF000
stack
page read and write
5420000
direct allocation
page execute and read and write
1444000
heap
page read and write
55A4000
heap
page read and write
1444000
heap
page read and write
4E21000
heap
page read and write
4481000
heap
page read and write
1D2A2000
heap
page read and write
46A1000
heap
page read and write
27FE000
stack
page read and write
1444000
heap
page read and write
459E000
stack
page read and write
1444000
heap
page read and write
2A3F000
stack
page read and write
234A6000
heap
page read and write
5201000
direct allocation
page read and write
1444000
heap
page read and write
4EB0000
direct allocation
page read and write
1686000
heap
page read and write
3EDF000
stack
page read and write
4E21000
heap
page read and write
13DE000
unkown
page execute and read and write
4B00000
direct allocation
page execute and read and write
1D260000
heap
page read and write
1444000
heap
page read and write
46A1000
heap
page read and write
1424000
heap
page read and write
46A1000
heap
page read and write
379E000
stack
page read and write
4E21000
heap
page read and write
1444000
heap
page read and write
4E21000
heap
page read and write
5260000
heap
page read and write
4A50000
direct allocation
page execute and read and write
479F000
stack
page read and write
5C4000
heap
page read and write
46A1000
heap
page read and write
46A1000
heap
page read and write
949000
unkown
page write copy
369E000
stack
page read and write
2B1E000
stack
page read and write
52A0000
direct allocation
page read and write
4E21000
heap
page read and write
1444000
heap
page read and write
680000
heap
page read and write
8A0000
direct allocation
page read and write
381E000
stack
page read and write
1D27B000
heap
page read and write
4481000
heap
page read and write
3B5E000
stack
page read and write
47A0000
trusted library allocation
page read and write
309F000
stack
page read and write
46A1000
heap
page read and write
1444000
heap
page read and write
776000
heap
page read and write
46A1000
heap
page read and write
455E000
stack
page read and write
5400000
direct allocation
page execute and read and write
4E21000
heap
page read and write
1444000
heap
page read and write
5380000
direct allocation
page execute and read and write
1424000
heap
page read and write
1CE5F000
stack
page read and write
4E21000
heap
page read and write
7040000
trusted library allocation
page read and write
1D28C000
heap
page read and write
8A0000
direct allocation
page read and write
54A0000
direct allocation
page execute and read and write
1444000
heap
page read and write
1D2AB000
heap
page read and write
3B1F000
stack
page read and write
46A1000
heap
page read and write
5060000
direct allocation
page execute and read and write
6B60000
heap
page read and write
27BF000
stack
page read and write
1D2B0000
heap
page read and write
1D2AE000
heap
page read and write
4AD0000
direct allocation
page execute and read and write
2D17000
heap
page read and write
BDF000
unkown
page execute and read and write
13DF000
unkown
page execute and write copy
315E000
stack
page read and write
6C4D1000
unkown
page execute read
1CFED000
stack
page read and write
6F0C000
stack
page read and write
46A1000
heap
page read and write
2F1E000
stack
page read and write
48DF000
stack
page read and write
1680000
heap
page read and write
469E000
stack
page read and write
2B5B000
heap
page read and write
4E21000
heap
page read and write
4E21000
heap
page read and write
46A1000
heap
page read and write
1444000
heap
page read and write
4A80000
direct allocation
page execute and read and write
1D2B0000
heap
page read and write
1047000
unkown
page execute and read and write
4ADE000
stack
page read and write
3D1E000
stack
page read and write
1D28D000
heap
page read and write
123C000
stack
page read and write
4F3000
stack
page read and write
1424000
heap
page read and write
23512000
heap
page read and write
46A1000
heap
page read and write
419F000
stack
page read and write
1D28A000
heap
page read and write
1D2B0000
heap
page read and write
1584000
unkown
page execute and write copy
4E21000
heap
page read and write
1424000
heap
page read and write
1444000
heap
page read and write
455F000
stack
page read and write
1444000
heap
page read and write
700000
direct allocation
page read and write
4E21000
heap
page read and write
15E0000
direct allocation
page read and write
405F000
stack
page read and write
112C000
unkown
page execute and read and write
409F000
stack
page read and write
9B9000
unkown
page write copy
8E1000
unkown
page execute and write copy
1445000
heap
page read and write
15E0000
direct allocation
page read and write
409E000
stack
page read and write
4B20000
direct allocation
page execute and read and write
4E21000
heap
page read and write
700000
direct allocation
page read and write
46A1000
heap
page read and write
2DDE000
stack
page read and write
1445000
heap
page read and write
46A1000
heap
page read and write
5C0000
heap
page read and write
359E000
stack
page read and write
5C4000
heap
page read and write
1444000
heap
page read and write
BAE000
unkown
page execute and read and write
1610000
heap
page read and write
8E0000
unkown
page readonly
3150000
heap
page read and write
1D28B000
heap
page read and write
347E000
stack
page read and write
94B000
unkown
page execute and read and write
341E000
stack
page read and write
BF6000
unkown
page execute and write copy
293E000
stack
page read and write
1CFAD000
stack
page read and write
950000
unkown
page readonly
92A0000
heap
page read and write
1444000
heap
page read and write
1D28A000
heap
page read and write
165F000
heap
page read and write
61ED4000
direct allocation
page readonly
8E0000
unkown
page readonly
46A1000
heap
page read and write
1D2AB000
heap
page read and write
2332C000
heap
page read and write
445E000
stack
page read and write
4E21000
heap
page read and write
4A20000
heap
page read and write
469F000
stack
page read and write
1D289000
heap
page read and write
7A0000
heap
page read and write
4A3F000
stack
page read and write
379F000
stack
page read and write
435E000
stack
page read and write
46A1000
heap
page read and write
4E21000
heap
page read and write
1D27B000
heap
page read and write
5430000
direct allocation
page execute and read and write
495F000
stack
page read and write
3130000
direct allocation
page read and write
1D295000
heap
page read and write
1424000
heap
page read and write
38DE000
stack
page read and write
700000
direct allocation
page read and write
DE0000
heap
page read and write
1444000
heap
page read and write
8A0000
direct allocation
page read and write
235A0000
trusted library allocation
page read and write
8A0000
direct allocation
page read and write
4A21000
heap
page read and write
325F000
stack
page read and write
55FE000
stack
page read and write
5030000
direct allocation
page execute and read and write
2C9E000
stack
page read and write
4E21000
heap
page read and write
4C1E000
stack
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
2364A000
heap
page read and write
165C000
heap
page read and write
391E000
stack
page read and write
491E000
stack
page read and write
9B2000
unkown
page execute and read and write
700000
direct allocation
page read and write
4E21000
heap
page read and write
39DF000
stack
page read and write
234B8000
heap
page read and write
760000
heap
page read and write
46A1000
heap
page read and write
1444000
heap
page read and write
8A0000
direct allocation
page read and write
1D2A2000
heap
page read and write
42DF000
stack
page read and write
1444000
heap
page read and write
2A29C000
stack
page read and write
1D14E000
stack
page read and write
4AF0000
direct allocation
page execute and read and write
520000
heap
page read and write
4E21000
heap
page read and write
8A0000
direct allocation
page read and write
165C000
heap
page read and write
6C55E000
unkown
page read and write
1D295000
heap
page read and write
1424000
heap
page read and write
1D2B0000
heap
page read and write
1444000
heap
page read and write
DDE000
stack
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
51A0000
direct allocation
page read and write
4D21000
heap
page read and write
1444000
heap
page read and write
23480000
heap
page read and write
234B5000
heap
page read and write
1420000
heap
page read and write
53A0000
direct allocation
page execute and read and write
700000
direct allocation
page read and write
4E21000
heap
page read and write
437E000
stack
page read and write
459F000
stack
page read and write
15E0000
direct allocation
page read and write
31FE000
stack
page read and write
6F0000
heap
page read and write
5320000
direct allocation
page execute and read and write
7AE000
heap
page read and write
1444000
heap
page read and write
3BFE000
stack
page read and write
4E21000
heap
page read and write
15E0000
direct allocation
page read and write
5000000
direct allocation
page execute and read and write
700000
direct allocation
page read and write
4E1F000
stack
page read and write
401F000
stack
page read and write
4E40000
heap
page read and write
3A1F000
stack
page read and write
4E21000
heap
page read and write
1D2B0000
heap
page read and write
79F000
stack
page read and write
4EEE000
stack
page read and write
8E1000
unkown
page execute and write copy
69BE000
stack
page read and write
1444000
heap
page read and write
3C9F000
stack
page read and write
1444000
heap
page read and write
4E21000
heap
page read and write
BF6000
unkown
page execute and read and write
47DF000
stack
page read and write
790000
heap
page read and write
431E000
stack
page read and write
1444000
heap
page read and write
1445000
heap
page read and write
6775000
heap
page read and write
1424000
heap
page read and write
16BD000
heap
page read and write
1424000
heap
page read and write
1424000
heap
page read and write
5030000
direct allocation
page execute and read and write
4D30000
heap
page read and write
5C4000
heap
page read and write
1D295000
heap
page read and write
431E000
stack
page read and write
46B0000
heap
page read and write
40FE000
stack
page read and write
AC9000
unkown
page execute and read and write
16BE000
heap
page read and write
EDF000
stack
page read and write
2DFF000
stack
page read and write
3F1F000
stack
page read and write
46A1000
heap
page read and write
1444000
heap
page read and write
46A1000
heap
page read and write
3F5F000
stack
page read and write
4E21000
heap
page read and write
BDF000
unkown
page execute and read and write
E05000
unkown
page execute and read and write
4D1F000
stack
page read and write
4D21000
heap
page read and write
55A0000
heap
page read and write
1444000
heap
page read and write
4E21000
heap
page read and write
1CABE000
stack
page read and write
46A1000
heap
page read and write
1D295000
heap
page read and write