IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008339001\d32823a5a7.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsAEBGHDBKEB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AFCBAEBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\AKJDGDGDHDGDBFIDHDBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\BGDAAEHDHIIJKECBKEBA
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\CAFIJKFH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\CGHDAKKJJJKJKECBGCGDAEBAEH
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\HDBKJEGIEBFHCAAKKEBAEBKEBK
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\JKEGDHCFCAAECAKECBAF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\013d31a8-3146-491c-b992-fca9624f6a3b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0f1ddbfd-ffdb-4853-9cb9-eb6caea7f46d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\121b8f91-0eef-4a4b-8a09-de2f7df77ed2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\61a338c5-7c46-4464-9d07-8429aee06270.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\73999e36-7206-4cab-bc8f-81df2ba5430d.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e88fe74-ce84-4ed3-9a70-ba78a85e9d64.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\950429ff-36c2-4d98-a309-f1030b0fe36e.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\19f11395-c786-47fd-85d9-d52167420b56.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-674153DD-1E04.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\17275855-fa2a-41a2-b979-d34d709cd912.tmp
Unicode text, UTF-8 text, with very long lines (17232), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\40016cad-18af-45a0-b454-38136ca6d732.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5e61000b-858c-486f-9d1d-cf375cbfbb9c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85894a7b-9b25-4459-a442-f75e1a3e374c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8f722ab8-a126-4d83-9658-1409b7cc63de.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9d3c5e08-7f87-4d9a-9f41-9558e2b3f27c.tmp
Unicode text, UTF-8 text, with very long lines (17581), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\307678a6-681c-4747-ae6e-88a0ed2a7d86.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6a95f15b-9417-48c7-8121-52223cc7764e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\82b47548-5ba4-45fe-a586-bd498e1bd3d2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4d984.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ca08.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3e0ad.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a3b6bb1a-9acc-4deb-b9c9-476a58d5d9c0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c76b5295-81cb-4c7a-9418-2db1ead33394.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e5f3aa6f-14ed-4677-8061-5127bfc3c15a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40eb2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43871.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF46bc6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4c7ff.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF407bd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF45243.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376808160205306
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\0f710f49-4ec2-47c4-a5a0-522bbf227dd7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\35c2f1e3-ecdb-4f4f-8726-4564e04718f1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3e0ad.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e3ab1acf-28be-444d-b5ad-07130f1a83bd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ee0a3b0d-9a3f-4fad-ad08-c9d78d7ec863.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ceee862f-4075-4ae5-b4ae-8bed25cb48f8.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d8940df4-fd1a-4f19-8681-9c98e340cb27.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d9ad9983-39fe-4cf0-b660-cb13ea461f75.tmp
Unicode text, UTF-8 text, with very long lines (17582), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e6cb136c-c1d7-47bf-8f7a-605f40e4cd78.tmp
Unicode text, UTF-8 text, with very long lines (17417), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b576.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b586.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b6dd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ddbf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF424ca.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4c7e0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF523eb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ba475fed-2277-4427-8f5c-70c438360a43.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\14ccab17-fa85-4ec2-91f4-d59977f5668e.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\19737233-ced3-4ed5-b72b-10fe3ea1ddf7.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\7d5462a8-8409-4684-b8cd-5c3fed81e504.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bc0ad133-3c5d-4a12-93e7-ee6870745904.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\d64ab21d-7d74-443c-a46b-ac1999c77aeb.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\e2e11d9a-150b-473d-af50-45e2180595bd.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\f002861e-584a-4a97-9256-01e3373a0b2f.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7684_20349261\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2244,i,756847330830855966,7502689708335668289,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2248,i,10603555654738097725,8008663870441056165,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2256,i,595274430834665206,15825286994374826831,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6456 --field-trial-handle=2256,i,595274430834665206,15825286994374826831,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6656 --field-trial-handle=2256,i,595274430834665206,15825286994374826831,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7284 --field-trial-handle=2256,i,595274430834665206,15825286994374826831,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7284 --field-trial-handle=2256,i,595274430834665206,15825286994374826831,262144 /prefetch:8
malicious
C:\Users\user\DocumentsAEBGHDBKEB.exe
"C:\Users\user\DocumentsAEBGHDBKEB.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6644 --field-trial-handle=2256,i,595274430834665206,15825286994374826831,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1008339001\d32823a5a7.exe
"C:\Users\user\AppData\Local\Temp\1008339001\d32823a5a7.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsAEBGHDBKEB.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
11A0000
heap
page read and write
3DBE000
stack
page read and write
601000
unkown
page execute and write copy
BCB000
unkown
page execute and read and write
418F000
stack
page read and write
323F000
stack
page read and write
4DD000
unkown
page execute and read and write
2E6F000
stack
page read and write
11A4000
heap
page read and write
1335000
heap
page read and write
30CF000
stack
page read and write
11A4000
heap
page read and write
B94000
heap
page read and write
DAF000
unkown
page execute and write copy
1334000
heap
page read and write
103D000
unkown
page execute and write copy
830000
heap
page read and write
12EE000
heap
page read and write
14BF000
heap
page read and write
4B11000
heap
page read and write
1260000
heap
page read and write
462F000
stack
page read and write
5100000
direct allocation
page execute and read and write
11A4000
heap
page read and write
4C40000
direct allocation
page execute and read and write
2CC000
stack
page read and write
5A6D000
stack
page read and write
440F000
stack
page read and write
4B11000
heap
page read and write
151E000
heap
page read and write
2BEF000
stack
page read and write
47D1000
heap
page read and write
11B0000
heap
page read and write
79F000
unkown
page execute and write copy
2ACE000
stack
page read and write
4B11000
heap
page read and write
4C40000
direct allocation
page execute and read and write
30EF000
stack
page read and write
2A440000
heap
page read and write
1334000
heap
page read and write
6C971000
unkown
page execute read
1D280000
heap
page read and write
4630000
heap
page read and write
F5E000
stack
page read and write
4B11000
heap
page read and write
B94000
heap
page read and write
2C8F000
stack
page read and write
450E000
stack
page read and write
79F000
unkown
page execute and write copy
1334000
heap
page read and write
1990000
heap
page read and write
1270000
direct allocation
page read and write
2FFE000
stack
page read and write
11A4000
heap
page read and write
236A0000
trusted library allocation
page read and write
AE0000
direct allocation
page read and write
11A4000
heap
page read and write
4B11000
heap
page read and write
4B11000
heap
page read and write
4620000
direct allocation
page read and write
1D292000
heap
page read and write
2990000
direct allocation
page read and write
3B2E000
stack
page read and write
68CE000
stack
page read and write
47D1000
heap
page read and write
1334000
heap
page read and write
BB0000
heap
page read and write
11A4000
heap
page read and write
47CF000
stack
page read and write
BA0000
heap
page read and write
438F000
stack
page read and write
2EBE000
stack
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
5270000
direct allocation
page execute and read and write
4B30000
heap
page read and write
3E8F000
stack
page read and write
4B11000
heap
page read and write
1440000
direct allocation
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
900000
unkown
page readonly
523F000
stack
page read and write
2358E000
stack
page read and write
6A70000
trusted library allocation
page read and write
EF0000
heap
page read and write
3C0F000
stack
page read and write
5E60000
heap
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
34FE000
stack
page read and write
1270000
direct allocation
page read and write
1533000
heap
page read and write
424F000
stack
page read and write
12C4000
heap
page read and write
452E000
stack
page read and write
2A8F000
stack
page read and write
2FBF000
stack
page read and write
4620000
direct allocation
page read and write
47D1000
heap
page read and write
43CE000
stack
page read and write
11A4000
heap
page read and write
C90000
heap
page read and write
11A4000
heap
page read and write
11FE000
stack
page read and write
11A4000
heap
page read and write
4B11000
heap
page read and write
4B0F000
stack
page read and write
2E40000
direct allocation
page read and write
AE0000
direct allocation
page read and write
1D250000
heap
page read and write
1270000
direct allocation
page read and write
2FAF000
stack
page read and write
4B20000
heap
page read and write
4C40000
direct allocation
page execute and read and write
280F000
stack
page read and write
1545000
heap
page read and write
4631000
heap
page read and write
4B11000
heap
page read and write
AE0000
direct allocation
page read and write
AE0000
direct allocation
page read and write
BF5000
unkown
page execute and read and write
C24000
heap
page read and write
378F000
stack
page read and write
1950000
heap
page read and write
11A4000
heap
page read and write
4C40000
direct allocation
page execute and read and write
4C7F000
stack
page read and write
1334000
heap
page read and write
4C40000
direct allocation
page execute and read and write
6646000
heap
page read and write
337F000
stack
page read and write
1334000
heap
page read and write
4B11000
heap
page read and write
478E000
stack
page read and write
1270000
direct allocation
page read and write
3CE000
stack
page read and write
2E60000
direct allocation
page execute and read and write
4C20000
direct allocation
page execute and read and write
4F50000
heap
page read and write
320F000
stack
page read and write
1D26B000
heap
page read and write
4C40000
direct allocation
page execute and read and write
1334000
heap
page read and write
123D000
unkown
page execute and write copy
1334000
heap
page read and write
11A4000
heap
page read and write
4B11000
heap
page read and write
5170000
direct allocation
page execute and read and write
56EE000
stack
page read and write
11A4000
heap
page read and write
4B11000
heap
page read and write
404E000
stack
page read and write
1334000
heap
page read and write
5250000
direct allocation
page execute and read and write
B94000
heap
page read and write
1D277000
heap
page read and write
4B11000
heap
page read and write
454F000
stack
page read and write
387F000
stack
page read and write
3DCF000
stack
page read and write
4DD000
unkown
page execute and read and write
4B11000
heap
page read and write
1549000
heap
page read and write
5130000
direct allocation
page execute and read and write
1334000
heap
page read and write
1318000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
158F000
stack
page read and write
2E8E000
stack
page read and write
30CF000
stack
page read and write
1334000
heap
page read and write
3EAF000
stack
page read and write
1D29C000
heap
page read and write
1D29C000
heap
page read and write
3C4E000
stack
page read and write
2F0000
unkown
page read and write
14DB000
heap
page read and write
1334000
heap
page read and write
412F000
stack
page read and write
601000
unkown
page execute and read and write
1334000
heap
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
6CBEE000
unkown
page read and write
BB0000
heap
page read and write
11A4000
heap
page read and write
C24000
heap
page read and write
B10000
heap
page read and write
3F4E000
stack
page read and write
13F7000
unkown
page execute and write copy
3ACF000
stack
page read and write
1D279000
heap
page read and write
67C000
stack
page read and write
4B11000
heap
page read and write
49CF000
stack
page read and write
38CF000
stack
page read and write
297C000
stack
page read and write
47D1000
heap
page read and write
1D28A000
heap
page read and write
4B11000
heap
page read and write
C24000
heap
page read and write
3CCE000
stack
page read and write
4620000
direct allocation
page read and write
34CE000
stack
page read and write
152B000
heap
page read and write
2E4F000
stack
page read and write
A5E000
stack
page read and write
1D28A000
heap
page read and write
4631000
heap
page read and write
14FF000
heap
page read and write
C0C000
unkown
page execute and read and write
50D0000
direct allocation
page execute and read and write
1D29C000
heap
page read and write
1334000
heap
page read and write
42AE000
stack
page read and write
1547000
heap
page read and write
AE0000
direct allocation
page read and write
1334000
heap
page read and write
23748000
heap
page read and write
2FCE000
stack
page read and write
2FEE000
stack
page read and write
47D1000
heap
page read and write
3AEF000
stack
page read and write
6CBF5000
unkown
page readonly
125E000
stack
page read and write
4C40000
direct allocation
page execute and read and write
D8C000
unkown
page execute and read and write
11A4000
heap
page read and write
388E000
stack
page read and write
69E0000
heap
page read and write
359000
unkown
page write copy
417E000
stack
page read and write
710000
heap
page read and write
4620000
direct allocation
page read and write
1440000
direct allocation
page read and write
47D1000
heap
page read and write
37CE000
stack
page read and write
1D26B000
heap
page read and write
2F1000
unkown
page execute and write copy
488F000
stack
page read and write
12EF000
stack
page read and write
1440000
direct allocation
page read and write
1D26B000
heap
page read and write
4B11000
heap
page read and write
86A000
heap
page read and write
1334000
heap
page read and write
3D8E000
stack
page read and write
1334000
heap
page read and write
428E000
stack
page read and write
123C000
unkown
page execute and write copy
1335000
heap
page read and write
4C8B000
stack
page read and write
4DC0000
direct allocation
page execute and read and write
557E000
stack
page read and write
3C2F000
stack
page read and write
C24000
heap
page read and write
1270000
direct allocation
page read and write
B3D000
stack
page read and write
47D1000
heap
page read and write
352000
unkown
page execute and read and write
284E000
stack
page read and write
4DE0000
direct allocation
page execute and read and write
33BE000
stack
page read and write
4C40000
direct allocation
page execute and read and write
5180000
direct allocation
page execute and read and write
3C3F000
stack
page read and write
F1B000
unkown
page execute and read and write
47D1000
heap
page read and write
4B11000
heap
page read and write
47D1000
heap
page read and write
464E000
stack
page read and write
1334000
heap
page read and write
2D6E000
stack
page read and write
47D1000
heap
page read and write
354E000
stack
page read and write
3C0F000
stack
page read and write
47D1000
heap
page read and write
2990000
direct allocation
page read and write
4B11000
heap
page read and write
1D271000
heap
page read and write
47D1000
heap
page read and write
1D281000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
47D1000
heap
page read and write
4DB0000
direct allocation
page execute and read and write
1334000
heap
page read and write
11A4000
heap
page read and write
2980000
heap
page read and write
2990000
direct allocation
page read and write
1D281000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
601000
unkown
page execute and read and write
1460000
heap
page read and write
1D27B000
heap
page read and write
5F4000
unkown
page execute and read and write
4B11000
heap
page read and write
11A4000
heap
page read and write
1CF7F000
stack
page read and write
61E01000
direct allocation
page execute read
47D1000
heap
page read and write
1335000
heap
page read and write
1D277000
heap
page read and write
119E000
stack
page read and write
C24000
heap
page read and write
AE0000
direct allocation
page read and write
377E000
stack
page read and write
B1B000
heap
page read and write
4B11000
heap
page read and write
359000
unkown
page write copy
47BE000
stack
page read and write
384F000
stack
page read and write
3ACF000
stack
page read and write
7410000
heap
page read and write
5140000
direct allocation
page execute and read and write
1334000
heap
page read and write
79F000
unkown
page execute and write copy
4B11000
heap
page read and write
4631000
heap
page read and write
1334000
heap
page read and write
370F000
stack
page read and write
47D1000
heap
page read and write
91B0000
heap
page read and write
C2B000
heap
page read and write
1334000
heap
page read and write
152E000
heap
page read and write
1527000
heap
page read and write
47D1000
heap
page read and write
11B0000
heap
page read and write
5100000
direct allocation
page execute and read and write
4C40000
direct allocation
page execute and read and write
1334000
heap
page read and write
47D1000
heap
page read and write
1D280000
heap
page read and write
4AFE000
stack
page read and write
1224000
unkown
page execute and read and write
2BCF000
stack
page read and write
52D0000
direct allocation
page execute and read and write
B00000
direct allocation
page read and write
688F000
stack
page read and write
1D281000
heap
page read and write
23742000
heap
page read and write
1D28C000
heap
page read and write
1270000
direct allocation
page read and write
4B11000
heap
page read and write
4B11000
heap
page read and write
23321000
heap
page read and write
232E0000
trusted library allocation
page read and write
1D252000
heap
page read and write
4DD000
unkown
page execute and read and write
1D290000
heap
page read and write
510C000
stack
page read and write
151E000
heap
page read and write
1320000
heap
page read and write
2F0E000
stack
page read and write
47D1000
heap
page read and write
B77000
unkown
page execute and read and write
48D0000
trusted library allocation
page read and write
143F000
stack
page read and write
11A4000
heap
page read and write
2990000
direct allocation
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
4C60000
direct allocation
page execute and read and write
7A0000
unkown
page readonly
4620000
direct allocation
page read and write
312E000
stack
page read and write
2A43C000
stack
page read and write
5110000
direct allocation
page execute and read and write
4C81000
heap
page read and write
91D5000
heap
page read and write
1334000
heap
page read and write
1D28A000
heap
page read and write
428E000
stack
page read and write
602000
unkown
page execute and write copy
4A0E000
stack
page read and write
4C30000
direct allocation
page execute and read and write
1334000
heap
page read and write
1531000
heap
page read and write
6C9ED000
unkown
page readonly
47D1000
heap
page read and write
1D25E000
heap
page read and write
360E000
stack
page read and write
B00000
direct allocation
page read and write
B90000
heap
page read and write
29A7000
heap
page read and write
450E000
stack
page read and write
26C0000
heap
page read and write
11A4000
heap
page read and write
C3A000
heap
page read and write
4B11000
heap
page read and write
2E70000
direct allocation
page read and write
34CE000
stack
page read and write
1D27D000
heap
page read and write
11A4000
heap
page read and write
1290000
heap
page read and write
1547000
heap
page read and write
D8A000
unkown
page read and write
1CD3E000
stack
page read and write
33CF000
stack
page read and write
47D1000
heap
page read and write
1334000
heap
page read and write
34EE000
stack
page read and write
1334000
heap
page read and write
47D1000
heap
page read and write
1270000
direct allocation
page read and write
372F000
stack
page read and write
4B11000
heap
page read and write
1026000
unkown
page execute and read and write
373F000
stack
page read and write
2F0000
unkown
page readonly
52FE000
stack
page read and write
1D25E000
heap
page read and write
C24000
heap
page read and write
4AFE000
stack
page read and write
5BB000
unkown
page execute and read and write
386F000
stack
page read and write
1334000
heap
page read and write
47D1000
heap
page read and write
2E40000
direct allocation
page read and write
1334000
heap
page read and write
8E5000
heap
page read and write
2D2F000
stack
page read and write
116A000
unkown
page execute and read and write
233AE000
heap
page read and write
EEF000
stack
page read and write
61E00000
direct allocation
page execute and read and write
C9A000
heap
page read and write
430E000
stack
page read and write
4B11000
heap
page read and write
2E80000
heap
page read and write
52F0000
direct allocation
page execute and read and write
8B4000
heap
page read and write
359000
unkown
page write copy
47D1000
heap
page read and write
1334000
heap
page read and write
1D277000
heap
page read and write
1334000
heap
page read and write
4C10000
trusted library allocation
page read and write
2F0000
unkown
page readonly
11A4000
heap
page read and write
1334000
heap
page read and write
1D297000
heap
page read and write
233E0000
trusted library allocation
page read and write
C24000
heap
page read and write
44CF000
stack
page read and write
4B22000
heap
page read and write
1334000
heap
page read and write
2E8C000
heap
page read and write
5ACE000
stack
page read and write
ADE000
stack
page read and write
2351D000
stack
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
4B11000
heap
page read and write
233CD000
heap
page read and write
1308000
heap
page read and write
1334000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
8DDC000
stack
page read and write
AE0000
direct allocation
page read and write
47D1000
heap
page read and write
4B11000
heap
page read and write
4B11000
heap
page read and write
47D1000
heap
page read and write
2F8F000
stack
page read and write
54F4000
heap
page read and write
D78000
unkown
page execute and read and write
47D1000
heap
page read and write
1D281000
heap
page read and write
513E000
stack
page read and write
151E000
heap
page read and write
1334000
heap
page read and write
310E000
stack
page read and write
1334000
heap
page read and write
543E000
stack
page read and write
1A8E000
heap
page read and write
11A4000
heap
page read and write
5100000
direct allocation
page execute and read and write
334F000
stack
page read and write
44EF000
stack
page read and write
1330000
heap
page read and write
4AC0000
direct allocation
page read and write
1D27D000
heap
page read and write
1CBBF000
stack
page read and write
2C0E000
stack
page read and write
3E8F000
stack
page read and write
123C000
unkown
page execute and read and write
313E000
stack
page read and write
47D1000
heap
page read and write
A3C000
stack
page read and write
4B11000
heap
page read and write
414E000
stack
page read and write
1547000
heap
page read and write
1D29C000
heap
page read and write
233CC000
heap
page read and write
1334000
heap
page read and write
1D267000
heap
page read and write
467E000
stack
page read and write
47D1000
heap
page read and write
91AC000
stack
page read and write
601000
unkown
page execute and write copy
604C000
stack
page read and write
1D281000
heap
page read and write
4C10000
direct allocation
page execute and read and write
B94000
heap
page read and write
4B11000
heap
page read and write
1440000
direct allocation
page read and write
1334000
heap
page read and write
1D279000
heap
page read and write
CFC000
stack
page read and write
1334000
heap
page read and write
1D273000
heap
page read and write
47D1000
heap
page read and write
B40000
unkown
page readonly
1440000
direct allocation
page read and write
468F000
stack
page read and write
35B000
unkown
page execute and read and write
352000
unkown
page execute and read and write
5280000
direct allocation
page execute and read and write
6CA10000
unkown
page readonly
340E000
stack
page read and write
5161000
direct allocation
page read and write
90AC000
stack
page read and write
3F0F000
stack
page read and write
390E000
stack
page read and write
8C8000
heap
page read and write
601000
unkown
page execute and write copy
1334000
heap
page read and write
1334000
heap
page read and write
4B11000
heap
page read and write
4C50000
direct allocation
page execute and read and write
11A4000
heap
page read and write
11A4000
heap
page read and write
47D1000
heap
page read and write
3C8000
stack
page read and write
4B11000
heap
page read and write
11A4000
heap
page read and write
1440000
direct allocation
page read and write
1334000
heap
page read and write
362E000
stack
page read and write
1D28D000
heap
page read and write
44CF000
stack
page read and write
39CE000
stack
page read and write
17FD000
stack
page read and write
1334000
heap
page read and write
B1E000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
61EB7000
direct allocation
page readonly
2FCE000
stack
page read and write
2E77000
heap
page read and write
4B21000
direct allocation
page read and write
1533000
heap
page read and write
4B11000
heap
page read and write
359000
unkown
page write copy
4B11000
heap
page read and write
B94000
heap
page read and write
4B10000
heap
page read and write
1D281000
heap
page read and write
47D1000
heap
page read and write
1334000
heap
page read and write
901000
unkown
page execute and write copy
5F4000
unkown
page execute and read and write
6D0000
heap
page read and write
B94000
heap
page read and write
1531000
heap
page read and write
14B1000
heap
page read and write
4B11000
heap
page read and write
47D1000
heap
page read and write
2DCE000
stack
page read and write
1527000
heap
page read and write
2A330000
heap
page read and write
1A80000
heap
page read and write
47D1000
heap
page read and write
11A4000
heap
page read and write
4C90000
heap
page read and write
11A4000
heap
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
1440000
direct allocation
page read and write
1334000
heap
page read and write
47D1000
heap
page read and write
1334000
heap
page read and write
C9E000
heap
page read and write
438F000
stack
page read and write
360E000
stack
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
1D281000
heap
page read and write
1D29C000
heap
page read and write
4B11000
heap
page read and write
3EFE000
stack
page read and write
152E000
heap
page read and write
47D1000
heap
page read and write
410F000
stack
page read and write
592D000
stack
page read and write
6CA11000
unkown
page execute read
11A4000
heap
page read and write
47D1000
heap
page read and write
11A4000
heap
page read and write
C20000
heap
page read and write
3FCF000
stack
page read and write
310E000
stack
page read and write
1334000
heap
page read and write
4B11000
heap
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
11A4000
heap
page read and write
6640000
heap
page read and write
327E000
stack
page read and write
14FF000
heap
page read and write
23341000
heap
page read and write
3B0E000
stack
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
B94000
heap
page read and write
A9C000
stack
page read and write
1440000
direct allocation
page read and write
AE0000
direct allocation
page read and write
3C4E000
stack
page read and write
50CF000
stack
page read and write
47D1000
heap
page read and write
338E000
stack
page read and write
5190000
direct allocation
page execute and read and write
4B11000
heap
page read and write
416E000
stack
page read and write
42BE000
stack
page read and write
2F0000
unkown
page readonly
424F000
stack
page read and write
900000
unkown
page read and write
11A4000
heap
page read and write
1334000
heap
page read and write
69CF000
stack
page read and write
334F000
stack
page read and write
11A4000
heap
page read and write
1D377000
heap
page read and write
B41000
unkown
page execute and write copy
1CE7E000
stack
page read and write
1D281000
heap
page read and write
4C81000
heap
page read and write
86E000
heap
page read and write
52AB000
stack
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
3D4F000
stack
page read and write
2368F000
stack
page read and write
1270000
direct allocation
page read and write
4CD0000
direct allocation
page execute and read and write
79E000
stack
page read and write
4C30000
direct allocation
page execute and read and write
6CA02000
unkown
page readonly
35CF000
stack
page read and write
403E000
stack
page read and write
3D7F000
stack
page read and write
4B7E000
stack
page read and write
C11000
unkown
page execute and read and write
47D1000
heap
page read and write
1334000
heap
page read and write
1D26B000
heap
page read and write
740E000
heap
page read and write
26C7000
heap
page read and write
52A0000
direct allocation
page execute and read and write
1334000
heap
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
4D80000
trusted library allocation
page read and write
47D1000
heap
page read and write
1334000
heap
page read and write
11A4000
heap
page read and write
795000
heap
page read and write
47D1000
heap
page read and write
179E000
stack
page read and write
AE0000
direct allocation
page read and write
4C81000
heap
page read and write
1D28A000
heap
page read and write
14FF000
heap
page read and write
5150000
direct allocation
page execute and read and write
790000
heap
page read and write
1526000
heap
page read and write
1D26A000
heap
page read and write
1334000
heap
page read and write
23520000
trusted library allocation
page read and write
1D281000
heap
page read and write
4C40000
direct allocation
page execute and read and write
4CB0000
direct allocation
page execute and read and write
11A4000
heap
page read and write
6CBEF000
unkown
page write copy
1334000
heap
page read and write
2990000
direct allocation
page read and write
C1E000
stack
page read and write
1D281000
heap
page read and write
4B11000
heap
page read and write
1334000
heap
page read and write
1334000
heap
page read and write
5250000
direct allocation
page execute and read and write
146A000
heap
page read and write
359000
unkown
page write copy
1D276000
heap
page read and write
4B11000
heap
page read and write
1D277000
heap
page read and write
61ECC000
direct allocation
page read and write
1334000
heap
page read and write
4BFF000
stack
page read and write
1334000
heap
page read and write
61ECD000
direct allocation
page readonly
5250000
direct allocation
page execute and read and write
444E000
stack
page read and write
189E000
stack
page read and write
2990000
direct allocation
page read and write
1334000
heap
page read and write
7401000
heap
page read and write
1334000
heap
page read and write
152E000
heap
page read and write
42CF000
stack
page read and write
4DD0000
direct allocation
page execute and read and write
1334000
heap
page read and write
1D275000
heap
page read and write
1D27D000
heap
page read and write
61EB4000
direct allocation
page read and write
11A4000
heap
page read and write
43CE000
stack
page read and write
662E000
stack
page read and write
414E000
stack
page read and write
4FF1000
direct allocation
page read and write
2373D000
heap
page read and write
4C40000
direct allocation
page execute and read and write
146E000
heap
page read and write
368E000
stack
page read and write
1D276000
heap
page read and write
1D280000
heap
page read and write
1334000
heap
page read and write
426F000
stack
page read and write
4AC0000
direct allocation
page read and write
1334000
heap
page read and write
4B11000
heap
page read and write
477F000
stack
page read and write
7A1000
unkown
page execute and write copy
52C0000
direct allocation
page execute and read and write
14BE000
heap
page read and write
5250000
direct allocation
page execute and read and write
4B11000
heap
page read and write
1334000
heap
page read and write
2990000
direct allocation
page read and write
4C81000
heap
page read and write
413F000
stack
page read and write
102E000
unkown
page execute and read and write
11A4000
heap
page read and write
1334000
heap
page read and write
1531000
heap
page read and write
1D277000
heap
page read and write
A3C000
stack
page read and write
47D1000
heap
page read and write
1D28A000
heap
page read and write
1D281000
heap
page read and write
11A4000
heap
page read and write
4B21000
direct allocation
page read and write
1334000
heap
page read and write
1D274000
heap
page read and write
1D281000
heap
page read and write
359000
unkown
page write copy