IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008379001\2ae4e7be65.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008388001\c9b8a5fd06.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsEGIDAAFIEH.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BGDGHJEH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\BKECFIIE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\BKFBAECBAEGDGDHIEHIJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\CBAKJEHDBGHIEBGCGDGH
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\DAAAKFHIEGDGCAAAEGDGIDAECF
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\FIDHIEBAAKJDHIECAAFH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\KECBGCGCGIEGCBFHIIEBFCAFHI
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0a44f9ad-1dfc-4cb5-8305-a1acd912b7ea.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0c3930c4-2a01-4b33-ad0a-d226a28e51ff.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\19eca544-fa81-469d-ad4e-8ad016675626.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2f47805e-970c-4331-b469-a624e6e865cd.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\4e90d9bc-465a-4e3c-9930-649931e19af6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67418F69-1F88.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\16da3a90-f5b0-4143-b5c3-13cbd39e6ad7.tmp
ASCII text, with very long lines (17469), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\173fda16-eaba-4d00-8b25-42127cc235d3.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\18849994-b866-4644-b832-ae7c7d4b9b20.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\69e4e521-bd6d-4f5e-b019-0a4301119b2c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6fbf5e11-46e3-45cc-b3bc-7ed8ed81ecca.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8c7af283-f49e-453e-bf0d-53e22ea2955b.tmp
ASCII text, with very long lines (17304), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\064fb166-0b2b-4929-87d9-28ad8c9be488.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\56ba6c97-3a3f-4257-8093-7d75c50a2602.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\88e2990b-7b33-4677-8387-aaa3ecc7cbe5.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4d7ce.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c823.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3dd70.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c5f7cecb-7edd-4153-b9f2-b66558c19af5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d06fa5fa-724b-4a27-b5c2-d2564335222f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d2385630-09f9-466c-badf-76c06f2b53fc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40da8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43748.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF46899.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4c5fc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF40490.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF44f16.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376823403822784
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\089a9f67-1ce7-41ea-9541-cba59097a904.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2c309b4a-bc37-475b-a8e3-799d37570a6c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7e65755d-e3f1-4ccb-9ea0-49daa7129a23.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\98d52723-7741-499a-87a2-5df8cc64101d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3dd70.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aee2a136-096f-484d-8086-3c9b9e45fe0e.tmp
ASCII text, with very long lines (17119), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d07dd127-d90f-4121-b65f-0c0caae9abff.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e1c3a9de-fb08-4b06-a93a-1f2a310cf2ab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e4204f22-7ba2-41f9-8460-e67cfcfcce8f.tmp
ASCII text, with very long lines (17469), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b334.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b4da.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3dbbb.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF42278.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4c5ae.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF52274.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c4efbd12-fdec-485a-a2e0-829b20e3d9b8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e997fa0c-5eed-4404-b806-ec6a39c5d981.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ea28cd48-38ef-4c8e-b6c5-19347f35c218.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f02e059b-1669-4c9b-aab7-55f370103b70.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0b420182-10b6-4c8e-91ae-b259981b278c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\2a83c715-6af2-4f2e-9eeb-510784ba7aaf.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\31664ba3-898c-49b9-9939-ad0c9e855f9f.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\39182ac1-24e0-46c4-a551-971e3a18bcf4.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\9adfea27-f60f-4969-8480-a9470b52513f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\a81bb214-19aa-4775-9e85-dc7962de0e13.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\d786b3af-29be-4513-85fe-b2780f80b48c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\0b420182-10b6-4c8e-91ae-b259981b278c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1949558602\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1985446912\9adfea27-f60f-4969-8480-a9470b52513f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1985446912\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1985446912\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1985446912\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8072_1985446912\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 450
ASCII text, with very long lines (3500)
downloaded
Chrome Cache Entry: 451
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 452
ASCII text
downloaded
Chrome Cache Entry: 453
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 454
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 455
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2148,i,4198706579976940952,3932764698793424289,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2288,i,817918641045606747,12257324386537254083,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=2116,i,7322940045532911273,13710491175629662104,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6464 --field-trial-handle=2116,i,7322940045532911273,13710491175629662104,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6608 --field-trial-handle=2116,i,7322940045532911273,13710491175629662104,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7204 --field-trial-handle=2116,i,7322940045532911273,13710491175629662104,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7204 --field-trial-handle=2116,i,7322940045532911273,13710491175629662104,262144 /prefetch:8
malicious
C:\Users\user\DocumentsEGIDAAFIEH.exe
"C:\Users\user\DocumentsEGIDAAFIEH.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5952 --field-trial-handle=2116,i,7322940045532911273,13710491175629662104,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1008379001\2ae4e7be65.exe
"C:\Users\user\AppData\Local\Temp\1008379001\2ae4e7be65.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsEGIDAAFIEH.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll1
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.070b7e2c0c11bf3433e5.js
23.209.72.25
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllC
unknown
https://ntp.msn.com/0
unknown
https://assets2.msn.com/bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js
184.28.190.51
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
23.200.0.38
https://ntp.msn.cn/edge/ntp
unknown
https://sb.scorecardresearch.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732349818185&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
40.79.141.153
https://deff.nelreports.net/api/report
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
https://sb.scorecardresearch.com/b2?rn=1732349818187&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1124054842946B4F2DE61008433C6A40&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.173.219.40
https://curl.se/docs/hsts.html
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll#
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
http://185.215.113.206/68b591d6548ec281/sqlite3.dllbd
unknown
http://185.215.113.206/c4becf79229cb002.phpfi
unknown
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
172.217.21.36
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
http://185.215.113.16/luma/random.exeC
unknown
https://web.telegram.org/
unknown
http://185.215.113.16/fac00b58987e8e7e7b9ca30804042ba5ce90241545
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://c.msn.com/c.gif?rnd=1732349818187&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=514b73816cb24419b460befa9de20ac2&activityId=514b73816cb24419b460befa9de20ac2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=D3B49BBCE2FE436FBC01B2C47C41EB7F&MUID=1124054842946B4F2DE61008433C6A40
20.110.205.119
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://curl.se/docs/alt-svc.html
unknown
https://ace-snapper-privately.ngrok-free.app/test/testFailed
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js
23.209.72.25
http://185.215.113.16/luma/random.exeK
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
http://185.215.113.16/luma/random.exeI
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
http://31.41.244.11/files/random.exe506238l
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
23.200.0.9
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
23.209.72.25
https://www.msn.com/web-notification-icon-light.png
unknown
https://c.msn.com/c.gif?rnd=1732349818187&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=514b73816cb24419b460befa9de20ac2&activityId=514b73816cb24419b460befa9de20ac2&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.110.205.119
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dllM
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
34.116.198.130
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
http://185.215.113.43/Zu7JuNko/index.phpU
unknown
http://html4/loose.dtd
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
http://185.215.113.16/luma/random.exe61395dC
unknown
https://web.whatsapp.com
unknown
http://185.215.113.206/c4becf79229cb002.php_
unknown
https://m.kugou.com/
unknown

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
162.159.61.3
home.fvtekk5pn.top
34.116.198.130
plus.l.google.com
142.250.181.110
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
www.google.com
172.217.21.36
googlehosted.l.googleusercontent.com
142.250.181.97
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
deff.nelreports.net
unknown
ntp.msn.com
unknown
apis.google.com
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.40
unknown
United States
184.28.190.51
unknown
United States
152.195.19.97
unknown
United States
192.168.2.7
unknown
unknown
23.219.82.59
unknown
United States
142.250.181.110
plus.l.google.com
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
23.219.82.72
unknown
United States
23.200.0.9
unknown
United States
172.217.21.36
www.google.com
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
18.173.219.40
unknown
United States
204.79.197.237
unknown
United States
31.41.244.11
unknown
Russian Federation
40.79.141.153
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
23.200.0.38
unknown
United States
239.255.255.250
unknown
Reserved
104.117.182.59
unknown
United States
23.219.82.40
unknown
United States
34.116.198.130
home.fvtekk5pn.top
United States
23.101.168.44
unknown
United States
23.209.72.25
unknown
United States
142.250.181.97
googlehosted.l.googleusercontent.com
United States
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197622
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197622
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197622
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197622
WindowTabManagerFileMappingId

Memdumps

Base Address
Regiontype
Protect
Malicious
767C000
heap
page read and write
4280000
heap
page read and write
389E000
stack
page read and write
7526000
heap
page read and write
689F000
stack
page read and write
4D40000
heap
page read and write
4E1E000
stack
page read and write
34BF000
stack
page read and write
6B41000
heap
page read and write
6B41000
heap
page read and write
1444000
heap
page read and write
4DA0000
direct allocation
page execute and read and write
1444000
heap
page read and write
4BC000
unkown
page execute and read and write
3DBD000
stack
page read and write
15DE000
heap
page read and write
79C1000
heap
page read and write
6B41000
heap
page read and write
7528000
heap
page read and write
4621000
heap
page read and write
1444000
heap
page read and write
39DE000
stack
page read and write
1D28B000
heap
page read and write
6FD0000
direct allocation
page read and write
1D287000
heap
page read and write
7621000
heap
page read and write
363E000
stack
page read and write
47A1000
heap
page read and write
6B41000
heap
page read and write
4AAF000
stack
page read and write
4A40000
direct allocation
page read and write
4621000
heap
page read and write
FD5000
unkown
page execute and write copy
77E000
stack
page read and write
1D27E000
heap
page read and write
6B41000
heap
page read and write
1571000
heap
page read and write
417E000
stack
page read and write
39FE000
stack
page read and write
D6D000
unkown
page execute and read and write
505F000
stack
page read and write
7250000
direct allocation
page execute and read and write
1D2A1000
heap
page read and write
486E000
stack
page read and write
4C40000
direct allocation
page execute and read and write
1444000
heap
page read and write
1D392000
heap
page read and write
33AF000
stack
page read and write
3E0E000
stack
page read and write
148E000
stack
page read and write
5320000
direct allocation
page execute and read and write
1D2BC000
heap
page read and write
313E000
stack
page read and write
47A1000
heap
page read and write
E34000
heap
page read and write
5320000
direct allocation
page execute and read and write
5320000
direct allocation
page execute and read and write
1D27E000
heap
page read and write
FAE000
stack
page read and write
76EE000
heap
page read and write
CE0000
heap
page read and write
7813000
heap
page read and write
7230000
direct allocation
page execute and read and write
271000
unkown
page execute and write copy
75C1000
heap
page read and write
4CD0000
direct allocation
page execute and read and write
432F000
stack
page read and write
ACC000
unkown
page execute and write copy
E34000
heap
page read and write
4D31000
heap
page read and write
E34000
heap
page read and write
6B41000
heap
page read and write
1444000
heap
page read and write
47A1000
heap
page read and write
76D9000
direct allocation
page read and write
1445000
heap
page read and write
776D000
heap
page read and write
543D000
stack
page read and write
28D0000
heap
page read and write
1D2BC000
heap
page read and write
2D3F000
stack
page read and write
3090000
direct allocation
page read and write
2A4B0000
heap
page read and write
4621000
heap
page read and write
7250000
direct allocation
page execute and read and write
766E000
heap
page read and write
4621000
heap
page read and write
1D2B4000
heap
page read and write
4DDB000
stack
page read and write
819000
unkown
page write copy
4621000
heap
page read and write
157F000
heap
page read and write
ACC000
unkown
page execute and read and write
79D0000
heap
page read and write
4C20000
direct allocation
page execute and read and write
2FFE000
stack
page read and write
6CBDF000
unkown
page write copy
5370000
direct allocation
page execute and read and write
CC0000
heap
page read and write
1D2A1000
heap
page read and write
47A1000
heap
page read and write
4621000
heap
page read and write
440E000
stack
page read and write
76CD000
heap
page read and write
40AF000
stack
page read and write
4790000
direct allocation
page read and write
6CB9F000
unkown
page readonly
1D20C000
stack
page read and write
1510000
direct allocation
page read and write
1D2C2000
heap
page read and write
105E000
heap
page read and write
D66000
unkown
page execute and read and write
1D2A1000
heap
page read and write
4C80000
direct allocation
page execute and read and write
4621000
heap
page read and write
6B41000
heap
page read and write
D3E000
heap
page read and write
CF7000
stack
page read and write
399F000
stack
page read and write
4621000
heap
page read and write
4F60000
direct allocation
page execute and read and write
DFE000
stack
page read and write
47A1000
heap
page read and write
3B1E000
stack
page read and write
378F000
stack
page read and write
4621000
heap
page read and write
78BE000
heap
page read and write
3A6F000
stack
page read and write
819000
unkown
page write copy
450F000
stack
page read and write
4941000
heap
page read and write
3FAE000
stack
page read and write
36AF000
stack
page read and write
480E000
stack
page read and write
1D2AB000
heap
page read and write
403E000
stack
page read and write
1D2B6000
heap
page read and write
1D2B3000
heap
page read and write
1444000
heap
page read and write
4790000
direct allocation
page read and write
75E9000
heap
page read and write
4621000
heap
page read and write
446F000
stack
page read and write
779A000
heap
page read and write
4621000
heap
page read and write
12FA000
stack
page read and write
4A40000
direct allocation
page read and write
3A0F000
stack
page read and write
1444000
heap
page read and write
6B30000
direct allocation
page read and write
6AA0000
heap
page read and write
A4B000
stack
page read and write
1D10D000
stack
page read and write
4630000
heap
page read and write
1D2C8000
heap
page read and write
35FF000
stack
page read and write
6B41000
heap
page read and write
6B41000
heap
page read and write
34FE000
stack
page read and write
1444000
heap
page read and write
7AC0000
heap
page read and write
233DB000
heap
page read and write
375E000
stack
page read and write
157A000
heap
page read and write
4F60000
direct allocation
page execute and read and write
34AF000
stack
page read and write
3EDE000
stack
page read and write
4621000
heap
page read and write
2E9E000
stack
page read and write
7250000
direct allocation
page execute and read and write
1D29D000
heap
page read and write
106E000
stack
page read and write
444E000
stack
page read and write
4F90000
direct allocation
page execute and read and write
E34000
heap
page read and write
1444000
heap
page read and write
1510000
direct allocation
page read and write
6B41000
heap
page read and write
7A0000
direct allocation
page read and write
270000
unkown
page readonly
1D287000
heap
page read and write
47A1000
heap
page read and write
436D000
stack
page read and write
1520000
heap
page read and write
ACD000
unkown
page execute and write copy
4621000
heap
page read and write
1D295000
heap
page read and write
6B41000
heap
page read and write
44AE000
stack
page read and write
42CE000
stack
page read and write
1444000
heap
page read and write
E34000
heap
page read and write
6B30000
direct allocation
page read and write
4621000
heap
page read and write
7522000
heap
page read and write
3C5E000
stack
page read and write
D94000
heap
page read and write
1D2BC000
heap
page read and write
4C30000
direct allocation
page read and write
4621000
heap
page read and write
4790000
direct allocation
page read and write
7628000
heap
page read and write
752E000
heap
page read and write
4BA000
unkown
page write copy
1D2C5000
heap
page read and write
6B30000
direct allocation
page read and write
2D8F000
stack
page read and write
6B41000
heap
page read and write
4BEF000
stack
page read and write
E34000
heap
page read and write
77D3000
heap
page read and write
51FE000
stack
page read and write
1444000
heap
page read and write
4621000
heap
page read and write
1D297000
heap
page read and write
76A000
unkown
page execute and write copy
1444000
heap
page read and write
56DE000
stack
page read and write
76AC000
heap
page read and write
6B30000
direct allocation
page read and write
3ADF000
stack
page read and write
7604000
heap
page read and write
E34000
heap
page read and write
1D2A1000
heap
page read and write
1444000
heap
page read and write
4D31000
heap
page read and write
F1E000
unkown
page execute and read and write
33C000
unkown
page execute and read and write
7A0000
direct allocation
page read and write
6C9DD000
unkown
page readonly
7523000
heap
page read and write
727000
unkown
page execute and read and write
4E41000
direct allocation
page read and write
6B41000
heap
page read and write
15BE000
heap
page read and write
6B30000
direct allocation
page read and write
4624000
heap
page read and write
7A0000
direct allocation
page read and write
E34000
heap
page read and write
75B0000
heap
page read and write
1CFCD000
stack
page read and write
77FD000
heap
page read and write
105A000
heap
page read and write
7830000
heap
page read and write
7644000
heap
page read and write
1510000
direct allocation
page read and write
47A1000
heap
page read and write
323F000
stack
page read and write
E34000
heap
page read and write
752C000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
6FD000
stack
page read and write
4621000
heap
page read and write
4621000
heap
page read and write
1D28F000
heap
page read and write
3DCF000
stack
page read and write
7250000
direct allocation
page execute and read and write
4790000
direct allocation
page read and write
1D2C8000
heap
page read and write
23312000
heap
page read and write
547D000
stack
page read and write
47A1000
heap
page read and write
4790000
direct allocation
page read and write
1444000
heap
page read and write
47B1000
heap
page read and write
4A40000
direct allocation
page read and write
E34000
heap
page read and write
47A1000
heap
page read and write
235BE000
stack
page read and write
38BE000
stack
page read and write
6C9EE000
unkown
page read and write
1444000
heap
page read and write
1D2BC000
heap
page read and write
1D2AE000
heap
page read and write
1D2B7000
heap
page read and write
6B41000
heap
page read and write
2AEC000
stack
page read and write
55DE000
stack
page read and write
1D2C8000
heap
page read and write
A60000
unkown
page read and write
A60000
unkown
page readonly
2AAF000
stack
page read and write
4621000
heap
page read and write
819000
unkown
page write copy
33CF000
stack
page read and write
3D7F000
stack
page read and write
23370000
heap
page read and write
7524000
heap
page read and write
2A4AB000
stack
page read and write
4E1E000
stack
page read and write
3A0000
heap
page read and write
3D5F000
stack
page read and write
764C000
heap
page read and write
6C9F2000
unkown
page readonly
156E000
heap
page read and write
152A000
heap
page read and write
79C0000
heap
page read and write
4941000
heap
page read and write
6B30000
direct allocation
page read and write
1444000
heap
page read and write
23958000
heap
page read and write
6FD0000
direct allocation
page read and write
3E9F000
stack
page read and write
D3A000
unkown
page execute and read and write
61EB4000
direct allocation
page read and write
427F000
stack
page read and write
1444000
heap
page read and write
7030000
trusted library allocation
page read and write
43DE000
stack
page read and write
454F000
stack
page read and write
4621000
heap
page read and write
7683000
heap
page read and write
303E000
stack
page read and write
371F000
stack
page read and write
6B41000
heap
page read and write
1444000
heap
page read and write
47A1000
heap
page read and write
15EF000
heap
page read and write
7524000
heap
page read and write
1D2A1000
heap
page read and write
4621000
heap
page read and write
9A6000
unkown
page execute and read and write
23300000
trusted library allocation
page read and write
CBE000
stack
page read and write
124F000
stack
page read and write
7523000
heap
page read and write
1D2AB000
heap
page read and write
321F000
stack
page read and write
4F30000
direct allocation
page execute and read and write
1444000
heap
page read and write
2330B000
heap
page read and write
3B8E000
stack
page read and write
752E000
heap
page read and write
157F000
heap
page read and write
490F000
stack
page read and write
4FA0000
direct allocation
page execute and read and write
1D2BC000
heap
page read and write
47CF000
stack
page read and write
47A1000
heap
page read and write
3CEF000
stack
page read and write
7839000
heap
page read and write
6B30000
direct allocation
page read and write
4A40000
direct allocation
page read and write
350F000
stack
page read and write
812000
unkown
page execute and read and write
D95000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
2B3B000
heap
page read and write
3D7000
unkown
page execute and read and write
926C000
stack
page read and write
7A0000
direct allocation
page read and write
1510000
direct allocation
page read and write
1444000
heap
page read and write
4AEB000
stack
page read and write
4FF0000
direct allocation
page execute and read and write
4621000
heap
page read and write
2395A000
heap
page read and write
4A40000
direct allocation
page read and write
1599000
heap
page read and write
30FF000
stack
page read and write
75FC000
heap
page read and write
76DB000
direct allocation
page read and write
1D29D000
heap
page read and write
335F000
stack
page read and write
4621000
heap
page read and write
1444000
heap
page read and write
4F70000
direct allocation
page execute and read and write
1444000
heap
page read and write
328F000
stack
page read and write
752D000
heap
page read and write
4621000
heap
page read and write
1D2A1000
heap
page read and write
1D287000
heap
page read and write
4621000
heap
page read and write
4A8000
unkown
page execute and read and write
28D7000
heap
page read and write
75EC000
heap
page read and write
4621000
heap
page read and write
47A1000
heap
page read and write
519E000
stack
page read and write
1444000
heap
page read and write
752E000
heap
page read and write
CA0000
heap
page read and write
1444000
heap
page read and write
47A1000
heap
page read and write
1D299000
heap
page read and write
6B41000
heap
page read and write
4DD0000
direct allocation
page execute and read and write
2B3E000
heap
page read and write
4621000
heap
page read and write
1444000
heap
page read and write
2B2E000
stack
page read and write
392F000
stack
page read and write
7250000
direct allocation
page execute and read and write
30AE000
heap
page read and write
661E000
stack
page read and write
61EB7000
direct allocation
page readonly
1444000
heap
page read and write
1D297000
heap
page read and write
D1A000
heap
page read and write
6B30000
direct allocation
page read and write
81B000
unkown
page execute and read and write
233E8000
heap
page read and write
6F80000
trusted library allocation
page read and write
1444000
heap
page read and write
1D390000
trusted library allocation
page read and write
7250000
direct allocation
page execute and read and write
2BDF000
stack
page read and write
F20000
unkown
page execute and write copy
4621000
heap
page read and write
752F000
heap
page read and write
ACD000
unkown
page execute and write copy
AB6000
unkown
page execute and read and write
1444000
heap
page read and write
9A6000
unkown
page execute and read and write
2A5BC000
stack
page read and write
6B41000
heap
page read and write
47A1000
heap
page read and write
7698000
heap
page read and write
152E000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
5A5C000
stack
page read and write
770E000
heap
page read and write
7250000
direct allocation
page execute and read and write
404F000
stack
page read and write
1444000
heap
page read and write
8D9B000
stack
page read and write
533D000
stack
page read and write
1444000
heap
page read and write
1D2AE000
heap
page read and write
7630000
heap
page read and write
76B0000
heap
page read and write
6B41000
heap
page read and write
CC0000
heap
page read and write
1D2B3000
heap
page read and write
1D2B9000
heap
page read and write
157F000
heap
page read and write
15BE000
heap
page read and write
4D31000
heap
page read and write
4621000
heap
page read and write
1D293000
heap
page read and write
1D2BC000
heap
page read and write
41EF000
stack
page read and write
377E000
stack
page read and write
3B3E000
stack
page read and write
307E000
stack
page read and write
47A1000
heap
page read and write
520000
unkown
page readonly
76D8000
heap
page read and write
4A40000
direct allocation
page read and write
468F000
stack
page read and write
1D285000
heap
page read and write
4DE0000
direct allocation
page execute and read and write
1444000
heap
page read and write
ACB000
unkown
page execute and read and write
34DE000
stack
page read and write
23330000
heap
page read and write
364F000
stack
page read and write
6B41000
heap
page read and write
4621000
heap
page read and write
DF1000
heap
page read and write
90F000
unkown
page execute and write copy
1050000
heap
page read and write
29DF000
stack
page read and write
1444000
heap
page read and write
770C000
heap
page read and write
1565000
heap
page read and write
4AB0000
direct allocation
page read and write
4621000
heap
page read and write
E34000
heap
page read and write
4C30000
direct allocation
page execute and read and write
7A0000
direct allocation
page read and write
699F000
stack
page read and write
430E000
stack
page read and write
15BE000
heap
page read and write
E34000
heap
page read and write
1444000
heap
page read and write
75A000
unkown
page execute and read and write
6690000
heap
page read and write
6B41000
heap
page read and write
1444000
heap
page read and write
1510000
direct allocation
page read and write
1445000
heap
page read and write
7642000
heap
page read and write
7523000
heap
page read and write
E34000
heap
page read and write
7524000
heap
page read and write
8EDE000
stack
page read and write
7522000
heap
page read and write
6B41000
heap
page read and write
4BE0000
trusted library allocation
page read and write
E34000
heap
page read and write
23400000
trusted library allocation
page read and write
4621000
heap
page read and write
1D2B6000
heap
page read and write
422E000
stack
page read and write
7B0000
unkown
page read and write
1D293000
heap
page read and write
E34000
heap
page read and write
4F50000
direct allocation
page execute and read and write
4D31000
heap
page read and write
4941000
heap
page read and write
76D000
stack
page read and write
F80000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
ACC000
unkown
page execute and write copy
FFE000
stack
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
4A40000
direct allocation
page read and write
1444000
heap
page read and write
47A1000
heap
page read and write
1D2C8000
heap
page read and write
1444000
heap
page read and write
3D2E000
stack
page read and write
1D2AE000
heap
page read and write
1444000
heap
page read and write
7250000
direct allocation
page execute and read and write
1444000
heap
page read and write
1598000
heap
page read and write
1D2B9000
heap
page read and write
4A40000
direct allocation
page read and write
1D2C8000
heap
page read and write
1444000
heap
page read and write
38CF000
stack
page read and write
CEB000
heap
page read and write
4621000
heap
page read and write
6C960000
unkown
page readonly
6B41000
heap
page read and write
E34000
heap
page read and write
4930000
heap
page read and write
1510000
direct allocation
page read and write
349F000
stack
page read and write
1D270000
heap
page read and write
408E000
stack
page read and write
AC9000
unkown
page write copy
1D296000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
5970000
heap
page read and write
1D293000
heap
page read and write
665E000
stack
page read and write
4C30000
direct allocation
page execute and read and write
E34000
heap
page read and write
1CE3E000
stack
page read and write
7250000
direct allocation
page execute and read and write
4621000
heap
page read and write
6B41000
heap
page read and write
D78000
heap
page read and write
327E000
stack
page read and write
76D9000
heap
page read and write
DED000
heap
page read and write
6B41000
heap
page read and write
1444000
heap
page read and write
520000
unkown
page read and write
4621000
heap
page read and write
1444000
heap
page read and write
4621000
heap
page read and write
4D2F000
stack
page read and write
1D2BC000
heap
page read and write
4C30000
direct allocation
page execute and read and write
E34000
heap
page read and write
61ED3000
direct allocation
page read and write
4621000
heap
page read and write
E34000
heap
page read and write
7522000
heap
page read and write
6B41000
heap
page read and write
D33000
heap
page read and write
7525000
heap
page read and write
458E000
stack
page read and write
6B41000
heap
page read and write
5320000
direct allocation
page execute and read and write
6B41000
heap
page read and write
752C000
heap
page read and write
4941000
heap
page read and write
4941000
heap
page read and write
1430000
heap
page read and write
2A7000
unkown
page execute and read and write
61E01000
direct allocation
page execute read
4B11000
direct allocation
page read and write
2B37000
heap
page read and write
1D2C4000
heap
page read and write
819000
unkown
page write copy
482F000
stack
page read and write
6A9F000
stack
page read and write
E34000
heap
page read and write
55DF000
unkown
page read and write
32CE000
stack
page read and write
4621000
heap
page read and write
E34000
heap
page read and write
1444000
heap
page read and write
4DE0000
direct allocation
page read and write
7250000
direct allocation
page execute and read and write
10AE000
stack
page read and write
4F60000
direct allocation
page execute and read and write
30A7000
heap
page read and write
1CBFE000
stack
page read and write
4F60000
direct allocation
page execute and read and write
1444000
heap
page read and write
7250000
direct allocation
page execute and read and write
31AF000
stack
page read and write
4C66000
direct allocation
page read and write
E34000
heap
page read and write
1510000
direct allocation
page read and write
4CA0000
direct allocation
page execute and read and write
4621000
heap
page read and write
10AE000
stack
page read and write
4C30000
direct allocation
page read and write
47A1000
heap
page read and write
774E000
heap
page read and write
1444000
heap
page read and write
6B41000
heap
page read and write
1510000
direct allocation
page read and write
47A1000
heap
page read and write
7A0000
direct allocation
page read and write
1444000
heap
page read and write
4790000
direct allocation
page read and write
1444000
heap
page read and write
4DC0000
direct allocation
page execute and read and write
78FD000
heap
page read and write
464F000
stack
page read and write
CFB000
stack
page read and write
2E7F000
stack
page read and write
CC6000
heap
page read and write
368E000
stack
page read and write
790000
heap
page read and write
4621000
heap
page read and write
1444000
heap
page read and write
66C000
stack
page read and write
1444000
heap
page read and write
7528000
heap
page read and write
9270000
heap
page read and write
4AEE000
stack
page read and write
23300000
heap
page read and write
337F000
stack
page read and write
2B3E000
stack
page read and write
1CABE000
stack
page read and write
5350000
direct allocation
page execute and read and write
46CE000
stack
page read and write
E34000
heap
page read and write
3F6F000
stack
page read and write
4790000
direct allocation
page read and write
E34000
heap
page read and write
4941000
heap
page read and write
7703000
heap
page read and write
75CC000
heap
page read and write
40EE000
stack
page read and write
A8A000
unkown
page execute and read and write
103E000
stack
page read and write
47A1000
heap
page read and write
1445000
heap
page read and write
6B41000
heap
page read and write
3FFF000
stack
page read and write
5B5C000
stack
page read and write
8FDE000
stack
page read and write
6696000
heap
page read and write
D7C000
unkown
page execute and read and write
61ED4000
direct allocation
page readonly
77BA000
heap
page read and write
53A0000
direct allocation
page execute and read and write
787D000
heap
page read and write
15CD000
heap
page read and write
7A0000
direct allocation
page read and write
A61000
unkown
page execute and write copy
47A1000
heap
page read and write
1444000
heap
page read and write
1D2AE000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
1D2A1000
heap
page read and write
47A1000
heap
page read and write
7250000
direct allocation
page execute and read and write
47A1000
heap
page read and write
1444000
heap
page read and write
4621000
heap
page read and write
1CCFF000
stack
page read and write
752D000
heap
page read and write
75D2000
heap
page read and write
76E9000
heap
page read and write
3084000
heap
page read and write
D10000
heap
page read and write
1CF8F000
stack
page read and write
5360000
direct allocation
page execute and read and write
2D5E000
stack
page read and write
7220000
direct allocation
page execute and read and write
3EBF000
stack
page read and write
45EE000
stack
page read and write
7524000
heap
page read and write
916B000
stack
page read and write
45AF000
stack
page read and write
47A1000
heap
page read and write
1D296000
heap
page read and write
5380000
direct allocation
page execute and read and write
171F000
stack
page read and write
4C10000
direct allocation
page execute and read and write
7897000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
1444000
heap
page read and write
37EF000
stack
page read and write
236D5000
heap
page read and write
1444000
heap
page read and write
47A1000
heap
page read and write
4621000
heap
page read and write
4910000
heap
page read and write
4790000
direct allocation
page read and write
5211000
direct allocation
page read and write
4F60000
direct allocation
page execute and read and write
29AE000
stack
page read and write
4621000
heap
page read and write
23400000
trusted library allocation
page read and write
6B41000
heap
page read and write
6B41000
heap
page read and write
7582000
direct allocation
page read and write
478F000
stack
page read and write
3F4E000
stack
page read and write
1510000
direct allocation
page read and write
557C000
stack
page read and write
1444000
heap
page read and write
4F80000
direct allocation
page execute and read and write
ACC000
unkown
page execute and read and write
3AFF000
stack
page read and write
90E000
unkown
page execute and read and write
3E5000
heap
page read and write
53B0000
direct allocation
page execute and read and write
1CD3E000
stack
page read and write
E34000
heap
page read and write
18C8000
heap
page read and write
2C3F000
stack
page read and write
53FE000
unkown
page read and write
36EE000
stack
page read and write
79CE000
heap
page read and write
47A1000
heap
page read and write
81B000
unkown
page execute and read and write
5340000
direct allocation
page execute and read and write
1444000
heap
page read and write
6B41000
heap
page read and write
4621000
heap
page read and write
4621000
heap
page read and write
47A1000
heap
page read and write
1444000
heap
page read and write
4621000
heap
page read and write
7677000
heap
page read and write
150E000
stack
page read and write
47A1000
heap
page read and write
14CC000
stack
page read and write
4621000
heap
page read and write
140E000
stack
page read and write
1550000
heap
page read and write
1444000
heap
page read and write
2E5F000
stack
page read and write
4CB0000
direct allocation
page execute and read and write
6B41000
heap
page read and write
382E000
stack
page read and write
340E000
stack
page read and write
4621000
heap
page read and write
C70000
unkown
page execute and write copy
6B41000
heap
page read and write
1D2A1000
heap
page read and write
304E000
stack