IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsEBKEHJJDAA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AFBFHDBKJEGHJJJKFIIJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BGIDBKKK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\DGHDHIDGHIDGIECBKKJJ
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\FIIIIDGHJEBFBGDHDGIIIIJDHJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\IJJJEBFHDBGIECBFCBKJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KFHJJJKK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KKECBFCGIEGCBGCAECGCBAKECB
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\120ca4d6-4eb6-4cf6-818d-e6c519822138.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\13c8ddd3-8ce4-4343-b019-cd5bd91f8f78.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8ed512fb-eaf5-4757-bf33-0637420b2967.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9025f459-6f2b-4c62-a03e-80a0bea7f0d2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\48fa7ca3-935c-400e-9bd3-bcb7f0ed04f5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67413610-2284.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1496a46c-e3ac-4fe7-9562-5e1b7e510724.tmp
Unicode text, UTF-8 text, with very long lines (17501), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\32224e63-fedc-472f-8d4f-1a56f7a60ce4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4394fcbc-f7df-4259-bb92-25e2ee60cd21.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4cb4aa80-6612-4a4a-a375-b8d628146909.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5f323172-86f6-4d3a-bfb5-8464c6eb7d19.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\61cdf74d-1fbb-47ed-b0f0-f8ba792213e9.tmp
Unicode text, UTF-8 text, with very long lines (16743), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7d1dd687-bc00-482f-8450-278c607443d3.tmp
Unicode text, UTF-8 text, with very long lines (17501), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\94a68fc7-73b2-4c7f-ab80-60ac876fa570.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\27966e8a-5293-4415-a9a8-38320bd29ae1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2839bdab-14e9-42c5-9c56-94c44f7ebc9b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4c04f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ad77.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c4e7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a2c7d6a9-de92-46b8-a64d-fe5495e3d0fc.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d332ef65-6504-43f2-9fb9-05af441e19c8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d86d4a4d-a634-4d52-9e7e-836789e4353c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dd2a4ebd-5fa0-433f-90b1-0eab0ab549e6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3fb39.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43b50.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b0dd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3fb39.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4318c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF44477.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376800531425945
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\78112eae-f790-4ef2-b198-352f5024b2da.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\89150fd4-4520-4666-a589-587aab965d97.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\92b57bf3-b852-459c-812a-70ac335c9319.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3c4e7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\da028ad3-2e94-4df7-9549-fc45ed8b1d32.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a03b018e-9540-458e-8515-4ddfc4595f0e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\dac70c77-18bb-4ace-b934-1b015cf98f58.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39b57.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39fac.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c68d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF404de.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b0af.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50f1a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a04cd674-4d48-4792-886a-676451bcfbc6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a7b2f201-9762-4374-b482-313abee8a46b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\cd3d1ce8-c37f-43ae-acc8-0242b24a52ee.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ff6b2710-8589-423f-9665-e73d3d3d5d7c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1008317001\4965008c28.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\4f7dea7e-e515-424b-b155-d9948e252078.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\5f50ed69-7df7-4eeb-a9b3-2c20fc22a51b.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\653560fa-c9a2-4e1e-a8bc-73ad313eb8cd.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\6575d89b-fc24-4466-b5cc-8cd62166da9d.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\b8ba2bcd-7caf-4aa1-b0eb-b7cbe9409102.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\c8429298-8268-4f71-9acd-2155018d82c0.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\f658a329-3c89-43ae-a3dc-7f0d9107dca0.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_1815127892\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_1815127892\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_1815127892\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_1815127892\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_1815127892\f658a329-3c89-43ae-a3dc-7f0d9107dca0.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\653560fa-c9a2-4e1e-a8bc-73ad313eb8cd.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8836_374404407\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 578
ASCII text, with very long lines (793)
downloaded
Chrome Cache Entry: 579
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 580
ASCII text
downloaded
Chrome Cache Entry: 581
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 582
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 583
SVG Scalable Vector Graphics image
downloaded
There are 279 hidden files.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2180,i,13176118876904001922,10244841631199679070,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2232,i,8971129081946804549,660642192054398169,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2356,i,10212697142865505211,11622067615913473481,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6516 --field-trial-handle=2356,i,10212697142865505211,11622067615913473481,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6640 --field-trial-handle=2356,i,10212697142865505211,11622067615913473481,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2356,i,10212697142865505211,11622067615913473481,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2356,i,10212697142865505211,11622067615913473481,262144 /prefetch:8
malicious
C:\Users\user\DocumentsEBKEHJJDAA.exe
"C:\Users\user\DocumentsEBKEHJJDAA.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6744 --field-trial-handle=2356,i,10212697142865505211,11622067615913473481,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsEBKEHJJDAA.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 8 hidden processes.

URLs

Name
IP
Malicious
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://deff.nelreports.net/api/report?cat=msn
23.44.136.149
https://ntp.msn.cn/edge/ntp
unknown
https://deff.nelreports.net/api/report
unknown
http://31.41.244.11/files/random.exe1
unknown
https://docs.google.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239340418588_1PJ4HLSB51V9JOSDD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://www.youtube.com
unknown
http://31.41.244.11/
unknown
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732326943672&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
13.69.109.130
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
http://185.215.113.206/c4becf79229cb002.phpfi
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239399230515_1O5S4SCQK1NL15G8R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://web.telegram.org/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239401309282_1PNNGZBU9L4ID4Q55&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://drive-daily-5.corp.google.com/
unknown
http://31.41.244.11/files/random.exe3b31dt%
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
23.44.136.141
http://31.41.244.11/84ed8
unknown
https://sb.scorecardresearch.com/b2?rn=1732326943674&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=25272F1794486D883F453A57953A6C20&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.164.96.83
http://185.215.113.16/mine/random.exel
unknown
https://assets2.msn.com
unknown
https://chromewebstore.google.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://chrome.google.com/webstore/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
http://185.215.113.16/mine/random.exez
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
http://185.215.113.206/c4becf79229cb002.phpg
unknown
https://ntp.msn.com/edge/ntp
unknown
http://185.215.113.206/c4becf79229cb002.phpk
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://tidal.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://ntp.msn.com
unknown
http://185.215.113.206/c4becf79229cb002.phpw
unknown
https://gaana.com/
unknown
https://outlook.live.com/mail/compose?isExtension=true
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
unknown
http://31.41.244.11/files/random.exe5062coded1
unknown
https://apis.google.com
unknown
https://latest.web.skype.com/?browsername=edge_canary_shoreline
unknown
https://word.new?from=EdgeM365Shoreline
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://mail.google.com/mail/mu/mp/266/#tl/Inbox
unknown
https://drive-autopush.corp.google.com/
unknown
https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
unknown
https://open.spotify.com
unknown
https://twitter.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732326952488&w=0&anoncknm=app_anon&NoResponseBody=true
13.69.109.130
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239385875221_117D6BR0FMTM7OD16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://m.vk.com/
unknown
http://185.215.113.43/Zu7JuNko/index.phpt
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.217.21.36
http://31.41.244.11/files/random.exe1008317001
unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
unknown
https://drive-daily-6.corp.google.com/
unknown
https://drive-daily-0.corp.google.com/
unknown
https://www.iheart.com/podcast/
unknown
https://music.yandex.com
unknown
https://clients2.googleusercontent.com
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732326952602&w=0&anoncknm=app_anon&NoResponseBody=true
13.69.109.130
http://185.215.113.43/Zu7JuNko/index.phpo
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://drive-daily-3.corp.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
http://185.215.113.206/68b591d6548ec281/sqlite3.dll0
unknown
https://c.msn.com/
unknown
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll:
unknown
http://31.41.244.11/files/random.exe6%
unknown
There are 90 hidden URLs.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
172.217.17.46
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.110
www.google.com
172.217.21.36
s-part-0035.t-0009.t-msedge.net
13.107.246.63
googlehosted.l.googleusercontent.com
172.217.19.225
ax-0001.ax-msedge.net
150.171.27.10
fp2e7a.wpc.phicdn.net
192.229.221.95
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
deff.nelreports.net
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 7 hidden domains.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
13.107.246.40
unknown
United States
23.96.180.189
unknown
United States
13.69.109.130
unknown
United States
192.168.2.7
unknown
unknown
172.217.19.225
googlehosted.l.googleusercontent.com
United States
162.159.61.3
unknown
United States
23.209.72.38
unknown
United States
23.40.179.38
unknown
United States
172.217.21.36
www.google.com
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
31.41.244.11
unknown
Russian Federation
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
185.215.113.16
unknown
Portugal
23.57.90.163
unknown
United States
23.44.136.141
unknown
United States
239.255.255.250
unknown
Reserved
18.164.96.83
unknown
United States
104.117.182.56
unknown
United States
23.209.72.43
unknown
United States
23.44.136.149
unknown
United States
18.165.220.110
sb.scorecardresearch.com
United States
127.0.0.1
unknown
unknown
There are 18 hidden IPs.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
There are 145 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
heap
page read and write
4EC1000
heap
page read and write
2EAE000
stack
page read and write
1045000
unkown
page execute and read and write
1234000
heap
page read and write
FBE000
stack
page read and write
FC4000
heap
page read and write
1234000
heap
page read and write
4D01000
heap
page read and write
F94000
heap
page read and write
150000
unkown
page read and write
40EF000
stack
page read and write
FC4000
heap
page read and write
1D419000
heap
page read and write
4D01000
heap
page read and write
235CD000
stack
page read and write
2B7000
unkown
page execute and read and write
3ACF000
stack
page read and write
37BF000
stack
page read and write
4EB0000
direct allocation
page read and write
F94000
heap
page read and write
3AEE000
stack
page read and write
F3E000
stack
page read and write
4D20000
heap
page read and write
30CE000
stack
page read and write
54C0000
direct allocation
page execute and read and write
F32000
unkown
page execute and read and write
4D01000
heap
page read and write
1017000
unkown
page execute and read and write
336F000
stack
page read and write
4F60000
direct allocation
page execute and read and write
F94000
heap
page read and write
5000000
direct allocation
page execute and read and write
2D47000
heap
page read and write
4BAE000
stack
page read and write
4D01000
heap
page read and write
1166000
heap
page read and write
F94000
heap
page read and write
396F000
stack
page read and write
1D435000
heap
page read and write
4EB0000
direct allocation
page read and write
13E0000
direct allocation
page read and write
111E000
heap
page read and write
4D01000
heap
page read and write
1090000
direct allocation
page read and write
1D450000
heap
page read and write
3CAE000
stack
page read and write
1274000
heap
page read and write
1085000
heap
page read and write
1210000
heap
page read and write
BFC000
stack
page read and write
129B000
heap
page read and write
2374E000
stack
page read and write
4951000
heap
page read and write
4D01000
heap
page read and write
F94000
heap
page read and write
1274000
heap
page read and write
54EE000
stack
page read and write
442E000
stack
page read and write
2D80000
heap
page read and write
1D450000
heap
page read and write
4951000
heap
page read and write
2CDE000
stack
page read and write
4EAF000
stack
page read and write
36CE000
stack
page read and write
3DEE000
stack
page read and write
F94000
heap
page read and write
4F20000
heap
page read and write
39A000
unkown
page write copy
45BE000
stack
page read and write
F94000
heap
page read and write
39EF000
stack
page read and write
4D01000
heap
page read and write
49EE000
stack
page read and write
44AF000
stack
page read and write
5050000
direct allocation
page execute and read and write
4D01000
heap
page read and write
38EE000
stack
page read and write
3F4F000
stack
page read and write
1D42C000
heap
page read and write
1D423000
heap
page read and write
433E000
stack
page read and write
562E000
stack
page read and write
390F000
stack
page read and write
1234000
heap
page read and write
23647000
heap
page read and write
BDB000
stack
page read and write
1D450000
heap
page read and write
4D01000
heap
page read and write
1274000
heap
page read and write
4951000
heap
page read and write
1D450000
heap
page read and write
132F000
heap
page read and write
5340000
direct allocation
page execute and read and write
13E0000
direct allocation
page read and write
1D450000
heap
page read and write
61E01000
direct allocation
page execute read
4D01000
heap
page read and write
1D435000
heap
page read and write
1D00E000
stack
page read and write
F94000
heap
page read and write
BA0000
heap
page read and write
1274000
heap
page read and write
3B7F000
stack
page read and write
2FEE000
stack
page read and write
F7D000
stack
page read and write
2FCE000
stack
page read and write
4951000
heap
page read and write
1D442000
heap
page read and write
1234000
heap
page read and write
54D0000
direct allocation
page execute and read and write
4EB0000
direct allocation
page read and write
23631000
heap
page read and write
1D39C000
stack
page read and write
3FEE000
stack
page read and write
4951000
heap
page read and write
1D435000
heap
page read and write
1D42C000
heap
page read and write
4D01000
heap
page read and write
1D447000
heap
page read and write
1274000
heap
page read and write
105C000
unkown
page execute and read and write
238E7000
heap
page read and write
307C000
stack
page read and write
1D435000
heap
page read and write
3CCF000
stack
page read and write
5300000
direct allocation
page execute and read and write
F94000
heap
page read and write
1090000
direct allocation
page read and write
4951000
heap
page read and write
1D447000
heap
page read and write
F94000
heap
page read and write
4951000
heap
page read and write
1090000
direct allocation
page read and write
4D90000
trusted library allocation
page read and write
1D42B000
heap
page read and write
13F4000
heap
page read and write
F94000
heap
page read and write
3F3F000
stack
page read and write
386E000
stack
page read and write
1274000
heap
page read and write
1020000
direct allocation
page read and write
1020000
direct allocation
page read and write
410F000
stack
page read and write
4CFF000
stack
page read and write
1274000
heap
page read and write
2BFE000
stack
page read and write
51A0000
heap
page read and write
61ECC000
direct allocation
page read and write
10B3000
heap
page read and write
F94000
heap
page read and write
4D01000
heap
page read and write
1CFCE000
stack
page read and write
4DAE000
stack
page read and write
F94000
heap
page read and write
5191000
direct allocation
page read and write
F94000
heap
page read and write
37CF000
stack
page read and write
F94000
heap
page read and write
FC4000
heap
page read and write
470E000
stack
page read and write
52E0000
direct allocation
page execute and read and write
1D435000
heap
page read and write
1D431000
heap
page read and write
61E00000
direct allocation
page execute and read and write
4D01000
heap
page read and write
6CBC5000
unkown
page readonly
13F4000
heap
page read and write
F94000
heap
page read and write
12DB000
heap
page read and write
4951000
heap
page read and write
5010000
direct allocation
page execute and read and write
3067000
heap
page read and write
5020000
direct allocation
page execute and read and write
4BBF000
stack
page read and write
4D01000
heap
page read and write
62AE000
stack
page read and write
372E000
stack
page read and write
4951000
heap
page read and write
111B000
heap
page read and write
2F4F000
stack
page read and write
115E000
heap
page read and write
34AE000
stack
page read and write
11DE000
stack
page read and write
3A3F000
stack
page read and write
358E000
stack
page read and write
4EC1000
direct allocation
page read and write
59DF000
stack
page read and write
4951000
heap
page read and write
FC4000
heap
page read and write
2D30000
direct allocation
page read and write
37FE000
stack
page read and write
D40000
unkown
page readonly
4D01000
heap
page read and write
5320000
direct allocation
page execute and read and write
4D00000
heap
page read and write
1090000
direct allocation
page read and write
4FD0000
direct allocation
page execute and read and write
1D448000
heap
page read and write
4CB1000
heap
page read and write
6BCF000
stack
page read and write
1D41B000
heap
page read and write
1D44B000
heap
page read and write
1234000
heap
page read and write
FC4000
heap
page read and write
1CECE000
stack
page read and write
EF7000
stack
page read and write
F94000
heap
page read and write
1274000
heap
page read and write
3E3E000
stack
page read and write
3F2E000
stack
page read and write
13E0000
direct allocation
page read and write
4951000
heap
page read and write
F94000
heap
page read and write
4EB0000
direct allocation
page read and write
236D0000
trusted library allocation
page read and write
872000
unkown
page execute and read and write
2D4B000
heap
page read and write
F94000
heap
page read and write
3C0F000
stack
page read and write
104F000
unkown
page execute and read and write
4A2F000
stack
page read and write
4FC0000
direct allocation
page execute and read and write
1090000
direct allocation
page read and write
41CF000
stack
page read and write
1D435000
heap
page read and write
1274000
heap
page read and write
33EE000
stack
page read and write
F94000
heap
page read and write
985000
unkown
page execute and read and write
344E000
stack
page read and write
F90000
heap
page read and write
9CC000
stack
page read and write
316F000
stack
page read and write
1D435000
heap
page read and write
412E000
stack
page read and write
4D01000
heap
page read and write
F94000
heap
page read and write
F94000
heap
page read and write
1126000
heap
page read and write
516E000
stack
page read and write
51E1000
direct allocation
page read and write
F94000
heap
page read and write
105C000
unkown
page execute and write copy
4EC0000
heap
page read and write
464E000
stack
page read and write
4951000
heap
page read and write
4E60000
direct allocation
page read and write
5030000
direct allocation
page execute and read and write
3B6E000
stack
page read and write
1274000
heap
page read and write
FC4000
heap
page read and write
F94000
heap
page read and write
1126000
heap
page read and write
1274000
heap
page read and write
1274000
heap
page read and write
343E000
stack
page read and write
1090000
direct allocation
page read and write
4951000
heap
page read and write
23610000
heap
page read and write
1347000
heap
page read and write
3150000
heap
page read and write
13BE000
stack
page read and write
5180000
direct allocation
page read and write
4951000
heap
page read and write
6E2000
unkown
page execute and read and write
5330000
direct allocation
page execute and read and write
3BCE000
stack
page read and write
420E000
stack
page read and write
4D01000
heap
page read and write
3C2E000
stack
page read and write
126A000
heap
page read and write
F94000
heap
page read and write
F94000
heap
page read and write
43EF000
stack
page read and write
1274000
heap
page read and write
3E0F000
stack
page read and write
11FE000
unkown
page execute and read and write
52A0000
direct allocation
page execute and read and write
FC4000
heap
page read and write
39A000
unkown
page read and write
400D000
stack
page read and write
FC4000
heap
page read and write
4D01000
heap
page read and write
F94000
heap
page read and write
340F000
stack
page read and write
236D0000
trusted library allocation
page read and write
6C9D2000
unkown
page readonly
FC0000
heap
page read and write
4E06000
direct allocation
page read and write
1140000
heap
page read and write
BB0000
heap
page read and write
1D44F000
heap
page read and write
1274000
heap
page read and write
F94000
heap
page read and write
1D435000
heap
page read and write
4951000
heap
page read and write
2F3E000
stack
page read and write
3FCF000
stack
page read and write
1D450000
heap
page read and write
F94000
heap
page read and write
FC4000
heap
page read and write
52A0000
direct allocation
page execute and read and write
1020000
direct allocation
page read and write
1274000
heap
page read and write
1D450000
heap
page read and write
4D01000
heap
page read and write
B3E000
unkown
page execute and read and write
6A8C000
stack
page read and write
4E10000
trusted library allocation
page read and write
150000
unkown
page readonly
105D000
unkown
page execute and write copy
4C2F000
stack
page read and write
530C000
stack
page read and write
FC4000
heap
page read and write
1274000
heap
page read and write
54A0000
direct allocation
page execute and read and write
5570000
direct allocation
page execute and read and write
F94000
heap
page read and write
1D42C000
heap
page read and write
4D01000
heap
page read and write
1D427000
heap
page read and write
F94000
heap
page read and write
13E0000
direct allocation
page read and write
4970000
heap
page read and write
1020000
direct allocation
page read and write
60D000
unkown
page execute and read and write
99C000
unkown
page execute and write copy
426E000
stack
page read and write
1D44B000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
F95000
heap
page read and write
324E000
stack
page read and write
F95000
heap
page read and write
113F000
heap
page read and write
2D90000
direct allocation
page read and write
4951000
heap
page read and write
4D01000
heap
page read and write
2D1E000
stack
page read and write
1274000
heap
page read and write
4951000
heap
page read and write
1020000
direct allocation
page read and write
1D447000
heap
page read and write
13F4000
heap
page read and write
1D412000
heap
page read and write
F94000
heap
page read and write
F94000
heap
page read and write
6C941000
unkown
page execute read
5520000
direct allocation
page execute and read and write
394E000
stack
page read and write
1020000
direct allocation
page read and write
4D01000
heap
page read and write
D40000
unkown
page read and write
4951000
heap
page read and write
FC4000
heap
page read and write
4D01000
heap
page read and write
5B5E000
stack
page read and write
1D44C000
heap
page read and write
1274000
heap
page read and write
4CB1000
heap
page read and write
5360000
direct allocation
page execute and read and write
1140000
heap
page read and write
4EB0000
direct allocation
page read and write
35EE000
stack
page read and write
370F000
stack
page read and write
F94000
heap
page read and write
235D0000
trusted library allocation
page read and write
D3D000
stack
page read and write
DA9000
unkown
page write copy
4D01000
heap
page read and write
1D44F000
heap
page read and write
548F000
stack
page read and write
1160000
heap
page read and write
1D442000
heap
page read and write
5140000
trusted library allocation
page read and write
3E8F000
stack
page read and write
4951000
heap
page read and write
1172000
heap
page read and write
354F000
stack
page read and write
6EB000
unkown
page execute and read and write
1270000
heap
page read and write
4EB0000
direct allocation
page read and write
1D41B000
heap
page read and write
1D411000
heap
page read and write
1274000
heap
page read and write
18CF000
stack
page read and write
F94000
heap
page read and write
1D42C000
heap
page read and write
2A43C000
stack
page read and write
FC4000
heap
page read and write
116D000
heap
page read and write
1090000
direct allocation
page read and write
4BFE000
stack
page read and write
115F000
heap
page read and write
5500000
direct allocation
page execute and read and write
4951000
heap
page read and write
1D43C000
heap
page read and write
5270000
direct allocation
page execute and read and write
46AE000
stack
page read and write
D41000
unkown
page execute and write copy
4951000
heap
page read and write
5300000
direct allocation
page execute and read and write
6C9E0000
unkown
page readonly
4D01000
heap
page read and write
1D40B000
heap
page read and write
234CD000
stack
page read and write
4B2E000
stack
page read and write
DA9000
unkown
page write copy
4951000
heap
page read and write
33AF000
stack
page read and write
1D435000
heap
page read and write
1D427000
heap
page read and write
DAB000
unkown
page execute and read and write
F94000
heap
page read and write
46BF000
stack
page read and write
1274000
heap
page read and write
2D4E000
heap
page read and write
1274000
heap
page read and write
105C000
unkown
page execute and read and write
1274000
heap
page read and write
52A0000
direct allocation
page execute and read and write
151000
unkown
page execute and write copy
3E6F000
stack
page read and write
3F7E000
stack
page read and write
1274000
heap
page read and write
1D44C000
heap
page read and write
4951000
heap
page read and write
4E60000
direct allocation
page read and write
31CE000
stack
page read and write
3160000
heap
page read and write
2D30000
direct allocation
page read and write
1D402000
heap
page read and write
118F000
heap
page read and write
42EE000
stack
page read and write
5390000
direct allocation
page execute and read and write
61EB4000
direct allocation
page read and write
7509000
heap
page read and write
5180000
direct allocation
page read and write
1D435000
heap
page read and write
1D435000
heap
page read and write
3B0E000
stack
page read and write
F94000
heap
page read and write
5A1D000
stack
page read and write
2384F000
stack
page read and write
1045000
unkown
page execute and read and write
1D44D000
heap
page read and write
1D42D000
heap
page read and write
4F20000
direct allocation
page execute and read and write
6910000
heap
page read and write
1D44C000
heap
page read and write
F94000
heap
page read and write
13E0000
direct allocation
page read and write
5300000
direct allocation
page execute and read and write
4D01000
heap
page read and write
126E000
heap
page read and write
100C000
stack
page read and write
3DFF000
stack
page read and write
44EE000
stack
page read and write
F94000
heap
page read and write
38AF000
stack
page read and write
5550000
direct allocation
page execute and read and write
1D434000
heap
page read and write
F94000
heap
page read and write
2D90000
direct allocation
page read and write
FC4000
heap
page read and write
5B1C000
stack
page read and write
F94000
heap
page read and write
F95000
heap
page read and write
30CF000
stack
page read and write