IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\rh[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1008496001\rh.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsFHJDBKJKFI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AKJDGDGDHDGDBFIDHDBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\CAEHDBAA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\CBAKJKJJJECFIEBFHIEGHJDAFI
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\DGHCBAAEHCFIDGDHJEHC
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\FIIEGDBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JDGCFBAFBFHJEBGCAEGH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\KJDGIJECFIEBFIDHCGHDHIEBAK
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1ef2f9c0-cd6d-4d7a-b3c6-e695d2fae668.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\28f39bf8-4d52-4486-8e8d-20c7ed00db3a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\305b63d2-f906-42da-bccf-bf4f29129b98.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3570f19e-d0ce-4848-b765-07ae252ef16b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4d96c1c6-81f2-4a96-bea1-c2c589b86a0d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8b393e62-064c-4004-8397-c4877a9e916b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\328c1761-2ea4-41da-aa23-0150cbc635e6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67422479-1B14.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0a9e2df4-b701-4699-b7fd-48c6ac795119.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0c5eebf2-d322-44d5-becf-4788b060daed.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\21f9c6f5-0c44-4917-881a-b888346b9351.tmp
Unicode text, UTF-8 text, with very long lines (17565), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\284d97fd-e320-489d-a45a-2af16b190232.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\35462cf0-df6f-439e-9596-c46067a4bca8.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3fddcb35-c94e-4090-8497-ed80f94c09f6.tmp
Unicode text, UTF-8 text, with very long lines (17565), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\53227088-e1eb-4b4e-87b7-3f0e0601f269.tmp
Unicode text, UTF-8 text, with very long lines (16622), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6a80ad81-1983-49a8-8133-daf643e89bd0.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\86f961c0-8120-470b-9d9b-cafd4316d5bc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9a8ef021-e66d-46bf-8455-646e9459d3c2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0bb6ac93-089a-4a4d-8c23-39823bf131e2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0d4a549c-1489-4f08-9f5c-46f9fd26ed3b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1cf247b3-1ca6-451a-97f4-1986fa771ac4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4b23e3eb-7f01-495b-8013-853f0b64bb3c.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3dec8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3f667.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ba252ab8-4d82-4b7c-a5cf-e2d850f051a7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF42910.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF457d1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF48b83.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4df60.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF41d77.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF46a30.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF47309.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376861564348068
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\408b456a-fc0b-4da1-bf6c-c1efd78272c0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\60d89e7a-c3e4-406c-be0f-626e615180df.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3f667.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a8cd2607-6438-4837-8827-0d0e6e06b20e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a48f6f24-4e40-43c2-b233-ea166751b5f8.tmp
Unicode text, UTF-8 text, with very long lines (17400), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ca56.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ca65.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ceda.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3f51f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF44dde.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4dee3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF54108.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b30b6d39-0d6b-400f-ba2e-3dc060ac223d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ba1ea560-36e0-441b-9b93-18612db88e62.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\2bf87399-ecb2-4427-8c09-357506cb3a13.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\5297dcad-4d4d-4705-9e96-92ef62fcffa1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\666cd620-a1ea-41a1-bc6f-eaa389f83c7e.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\9d76fee9-0987-4e7d-99ff-ebc623fd6095.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\ade709bc-e9c4-4ed2-a969-50f74aae7b83.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\debb46f2-adca-4b48-a52f-7ac6fd9a1c7d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\e67df80f-021b-47c6-970c-b354d88ad964.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_1772472923\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_1772472923\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_1772472923\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_1772472923\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_1772472923\e67df80f-021b-47c6-970c-b354d88ad964.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6932_55941686\debb46f2-adca-4b48-a52f-7ac6fd9a1c7d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 521
ASCII text, with very long lines (807)
downloaded
Chrome Cache Entry: 522
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 523
ASCII text
downloaded
Chrome Cache Entry: 524
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 525
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 526
SVG Scalable Vector Graphics image
downloaded
There are 279 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2824 --field-trial-handle=2776,i,10771132185117842424,4452386678917931713,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2220,i,17669870476821069415,9819844109615631793,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2876 --field-trial-handle=2712,i,12915953373348848584,16807963603474999912,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6556 --field-trial-handle=2712,i,12915953373348848584,16807963603474999912,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6716 --field-trial-handle=2712,i,12915953373348848584,16807963603474999912,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2712,i,12915953373348848584,16807963603474999912,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7236 --field-trial-handle=2712,i,12915953373348848584,16807963603474999912,262144 /prefetch:8
malicious
C:\Users\user\DocumentsFHJDBKJKFI.exe
"C:\Users\user\DocumentsFHJDBKJKFI.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6768 --field-trial-handle=2712,i,12915953373348848584,16807963603474999912,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\1008496001\rh.exe
"C:\Users\user\AppData\Local\Temp\1008496001\rh.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHJDBKJKFI.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 9 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
http://31.41.244.11/files/random.exe50623
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
http://31.41.244.11/files/random.exe6
unknown
http://185.215.113.43/Zu7JuNko/index.phpnu
unknown
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
http://31.41.244.11/files/random.exe3
unknown
http://31.41.244.11/files/random.exe1
unknown
https://docs.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.phpBKJKFI.exeata;
unknown
http://31.41.244.11/files/random.exe/
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
http://31.41.244.11/files/random.exeurlencodedlnZbl
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll&
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
172.217.21.36
https://sb.scorecardresearch.com/b2?rn=1732387979692&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18FD64FFA0C2612823B171BFA1EB6042&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.155.1.8
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732387988070&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
http://185.215.113.206/c4becf79229cb002.phpY$I
unknown
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732387986523&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
http://31.41.244.11/files/random.exe3b31:
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://185.215.113.206/c4becf79229cb002.phpSY
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://drive-daily-4.corp.google.com/
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732387987522&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
http://185.215.113.206/68b591d6548ec281/msvcp140.dllt
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php1
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dlle
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://sb.scorecardresearch.com/b?rn=1732387979692&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=18FD64FFA0C2612823B171BFA1EB6042&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.155.1.8
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
http://31.41.244.11/files/rh.exeafc8506238476
unknown
https://msn.comXIDv10
unknown
http://31.41.244.11/files/random.exe
unknown
https://chrome.google.com/webstore/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239381854852_1C494UCJY4KXHZI51&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://unitedstates2.ss.wd.microsoft.us/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dllZ
unknown
https://assets.msn.cn/resolver/
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
http://31.41.244.11/files/random.exe1008496001
unknown
http://185.215.113.206/c4becf79229cb002.phpu$u
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://c.msn.com/c.gif?rnd=1732387979691&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c8e70ccf516a4388882ced3cf769c1c7&activityId=c8e70ccf516a4388882ced3cf769c1c7&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.110.205.119
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
142.250.181.65
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://ntp.msn.com
unknown
http://185.215.113.206/c4becf79229cb002.phpx
unknown
http://31.41.244.11/files/random.exe1008497001
unknown
https://browser.events.data.msn.cn/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dlln
unknown
https://drive-staging.corp.google.com/
unknown
http://31.41.244.11/files/rh.exe
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206
https://apis.google.com
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732387986520&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
http://185.215.113.43/Zu7JuNko/index.php-
unknown
http://185.215.113.206/J
unknown
https://ntp.msn.com/
unknown
http://www.sqlite.org/copyright.html.
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
fg.microsoft.map.fastly.net
199.232.214.172
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
172.217.17.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.245.60.72
www.google.com
172.217.21.36
s-part-0035.t-0009.t-msedge.net
13.107.246.63
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
84.201.211.23
googlehosted.l.googleusercontent.com
142.250.181.65
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 7 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
18.245.60.72
sb.scorecardresearch.com
United States
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
13.107.246.40
unknown
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
172.217.21.36
www.google.com
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
23.55.235.251
unknown
United States
142.250.181.65
googlehosted.l.googleusercontent.com
United States
23.209.72.36
unknown
United States
172.64.41.3
unknown
United States
31.41.244.11
unknown
Russian Federation
23.57.90.169
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
18.155.1.8
unknown
United States
23.57.90.141
unknown
United States
185.215.113.16
unknown
Portugal
20.189.173.24
unknown
United States
239.255.255.250
unknown
Reserved
20.96.153.111
unknown
United States
104.117.182.56
unknown
United States
127.0.0.1
unknown
unknown
There are 15 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197686
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197686
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197686
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197686
WindowTabManagerFileMappingId
There are 145 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
4C70000
direct allocation
page read and write
 malicious
441000
unkown
page execute and read and write
 malicious
D31000
unkown
page execute and read and write
 malicious
4E00000
direct allocation
page read and write
 malicious
101000
unkown
page execute and read and write
 malicious
4D60000
direct allocation
page read and write
 malicious
101000
unkown
page execute and read and write
 malicious
10CE000
heap
page read and write
 malicious
50E0000
direct allocation
page read and write
 malicious
5150000
direct allocation
page read and write
 malicious
101000
unkown
page execute and read and write
 malicious
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
4981000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
4E10000
direct allocation
page execute and read and write
427000
unkown
page execute and write copy
3BFE000
stack
page read and write
4C51000
heap
page read and write
DE0000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
1D572000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
2AC0000
direct allocation
page execute and read and write
AC2000
heap
page read and write
3D7E000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
D30000
unkown
page readonly
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
930000
unkown
page execute and write copy
4C51000
heap
page read and write
984000
heap
page read and write
497F000
stack
page read and write
591F000
stack
page read and write
984000
heap
page read and write
3AAF000
stack
page read and write
1D542000
heap
page read and write
2EAF000
stack
page read and write
4C51000
heap
page read and write
1D55C000
heap
page read and write
A90000
heap
page read and write
984000
heap
page read and write
1D55B000
heap
page read and write
456E000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
237F6000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
3FEE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4F90000
direct allocation
page execute and read and write
169000
unkown
page write copy
985000
heap
page read and write
42ED000
stack
page read and write
4CC1000
heap
page read and write
10A0000
direct allocation
page read and write
402F000
stack
page read and write
984000
heap
page read and write
316F000
stack
page read and write
F94000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
4D00000
direct allocation
page read and write
3F2E000
stack
page read and write
2E7B000
heap
page read and write
9FE000
heap
page read and write
34EF000
stack
page read and write
4981000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
2C20000
direct allocation
page read and write
4981000
heap
page read and write
4B3E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
440000
unkown
page readonly
984000
heap
page read and write
1113000
heap
page read and write
F94000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D580000
heap
page read and write
61E00000
direct allocation
page execute and read and write
984000
heap
page read and write
1D55E000
heap
page read and write
984000
heap
page read and write
3A7F000
stack
page read and write
985000
heap
page read and write
9D0000
direct allocation
page read and write
73B0000
heap
page read and write
4981000
heap
page read and write
379E000
stack
page read and write
326F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
4C40000
direct allocation
page read and write
985000
heap
page read and write
984000
heap
page read and write
AD8000
heap
page read and write
44AF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
5BAD000
stack
page read and write
985000
heap
page read and write
2E9F000
stack
page read and write
DE0000
direct allocation
page read and write
4CB0000
direct allocation
page read and write
237F6000
heap
page read and write
33AF000
stack
page read and write
4CC1000
heap
page read and write
984000
heap
page read and write
47D1000
heap
page read and write
984000
heap
page read and write
1265000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
1D55B000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4ED0000
direct allocation
page execute and read and write
985000
heap
page read and write
984000
heap
page read and write
64BF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
10A0000
direct allocation
page read and write
984000
heap
page read and write
38AF000
stack
page read and write
101000
unkown
page execute and write copy
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
10A0000
direct allocation
page read and write
486F000
stack
page read and write
1D572000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
236E4000
heap
page read and write
477000
unkown
page execute and read and write
1D55C000
heap
page read and write
984000
heap
page read and write
116F000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3E0000
unkown
page execute and read and write
984000
heap
page read and write
4981000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
8B5E000
stack
page read and write
6620000
heap
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
5141000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3FBF000
stack
page read and write
4C51000
heap
page read and write
336E000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D55F000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
1D55D000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
2AC0000
direct allocation
page execute and read and write
3BEF000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
3A2E000
stack
page read and write
1297000
heap
page read and write
38EE000
stack
page read and write
984000
heap
page read and write
4F30000
direct allocation
page execute and read and write
528F000
stack
page read and write
AC0000
heap
page read and write
984000
heap
page read and write
678000
unkown
page execute and read and write
5280000
direct allocation
page execute and read and write
984000
heap
page read and write
30BE000
stack
page read and write
984000
heap
page read and write
12AF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
D80000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
39DF000
stack
page read and write
ABE000
heap
page read and write
984000
heap
page read and write
1D2DD000
stack
page read and write
41AE000
stack
page read and write
315E000
stack
page read and write
984000
heap
page read and write
5CA000
unkown
page execute and read and write
984000
heap
page read and write
CAD000
unkown
page execute and write copy
984000
heap
page read and write
984000
heap
page read and write
2C0E000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
596E000
stack
page read and write
61B0000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
469E000
stack
page read and write
1D55C000
heap
page read and write
984000
heap
page read and write
3D2F000
stack
page read and write
61ED0000
direct allocation
page read and write
984000
heap
page read and write
AAE000
heap
page read and write
12B8000
heap
page read and write
1D565000
heap
page read and write
985000
heap
page read and write
985000
heap
page read and write
1D572000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
AB7000
heap
page read and write
984000
heap
page read and write
AB0000
heap
page read and write
1D580000
heap
page read and write
3DAF000
stack
page read and write
61ECC000
direct allocation
page read and write
984000
heap
page read and write
43BE000
stack
page read and write
2D9E000
stack
page read and write
361F000
stack
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
5350000
direct allocation
page execute and read and write
4E40000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
1D19D000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4F70000
direct allocation
page execute and read and write
985000
heap
page read and write
3B2F000
stack
page read and write
48EF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
333E000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1057000
unkown
page execute and write copy
339F000
stack
page read and write
985000
heap
page read and write
33DE000
stack
page read and write
DE0000
direct allocation
page read and write
5F30000
heap
page read and write
6C930000
unkown
page readonly
678B000
stack
page read and write
1D54B000
heap
page read and write
3D9F000
stack
page read and write
984000
heap
page read and write
8A1C000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
A8C000
heap
page read and write
4C70000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
40E000
unkown
page execute and read and write
984000
heap
page read and write
463E000
stack
page read and write
396F000
stack
page read and write
30BF000
stack
page read and write
F94000
heap
page read and write
984000
heap
page read and write
52A0000
direct allocation
page execute and read and write
984000
heap
page read and write
985000
heap
page read and write
1D572000
heap
page read and write
F94000
heap
page read and write
12BC000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
5AAE000
stack
page read and write
4980000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
E4A000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
914000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F30000
heap
page read and write
984000
heap
page read and write
477E000
stack
page read and write
402E000
stack
page read and write
4C51000
heap
page read and write
43AE000
stack
page read and write
162000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
2DAF000
stack
page read and write
984000
heap
page read and write
4981000
heap
page read and write
2C10000
direct allocation
page read and write
1D3DD000
stack
page read and write
984000
heap
page read and write
3A1E000
stack
page read and write
4C51000
heap
page read and write
4CB0000
direct allocation
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
357F000
stack
page read and write
473E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
441000
unkown
page execute and write copy
26E000
unkown
page execute and read and write
984000
heap
page read and write
4C51000
heap
page read and write
47AF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
BD0000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
413E000
stack
page read and write
984000
heap
page read and write
100000
unkown
page readonly
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
10A0000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C70000
direct allocation
page read and write
44BE000
stack
page read and write
984000
heap
page read and write
301E000
stack
page read and write
984000
heap
page read and write
3ABF000
stack
page read and write
426000
unkown
page execute and write copy
4981000
heap
page read and write
985000
heap
page read and write
236F9000
heap
page read and write
3DAF000
stack
page read and write
984000
heap
page read and write
D99000
unkown
page write copy
4C40000
direct allocation
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
5260000
direct allocation
page execute and read and write
984000
heap
page read and write
14FE000
stack
page read and write
3D3F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
48E1000
heap
page read and write
4871000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
688C000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4CAF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D572000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
4A6E000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
4D00000
direct allocation
page read and write
1240000
heap
page read and write
A4E000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
487E000
stack
page read and write
2AA0000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4E36000
direct allocation
page read and write
F94000
heap
page read and write
F4E000
stack
page read and write
984000
heap
page read and write
32FF000
stack
page read and write
984000
heap
page read and write
362F000
stack
page read and write
3C6F000
stack
page read and write
442E000
stack
page read and write
2C10000
direct allocation
page read and write
DF0000
heap
page read and write
306F000
stack
page read and write
52C0000
direct allocation
page execute and read and write
985000
heap
page read and write
11FB000
heap
page read and write
23671000
heap
page read and write
61ECD000
direct allocation
page readonly
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
40FE000
stack
page read and write
8A5E000
stack
page read and write
1D559000
heap
page read and write
472F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
35EE000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
1D572000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
397E000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
2B8F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
2F7E000
stack
page read and write
236D3000
heap
page read and write
373E000
stack
page read and write
49FE000
stack
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
2EEE000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
462E000
stack
page read and write
985000
heap
page read and write
4E3C000
stack
page read and write
128F000
heap
page read and write
1D572000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4CD1000
direct allocation
page read and write
984000
heap
page read and write
5260000
direct allocation
page execute and read and write
4E90000
direct allocation
page execute and read and write
985000
heap
page read and write
984000
heap
page read and write
36EF000
stack
page read and write
5CC000
unkown
page execute and write copy
984000
heap
page read and write
1D542000
heap
page read and write
F8E000
stack
page read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
382F000
stack
page read and write
4C40000
direct allocation
page read and write
914000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
351E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4EA0000
direct allocation
page execute and read and write
4C51000
heap
page read and write
2A44C000
stack
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
1D6A0000
trusted library allocation
page read and write
984000
heap
page read and write
1D55D000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
429F000
stack
page read and write
F94000
heap
page read and write
2AC0000
direct allocation
page execute and read and write
5BB000
stack
page read and write
984000
heap
page read and write
473F000
stack
page read and write
AD8000
heap
page read and write
985000
heap
page read and write
1CECE000
stack
page read and write
984000
heap
page read and write
32AE000
stack
page read and write
F94000
heap
page read and write
1D54B000
heap
page read and write
3FFE000
stack
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
D10000
direct allocation
page read and write
2AC0000
direct allocation
page execute and read and write
9CC000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
479F000
stack
page read and write
984000
heap
page read and write
1CDCD000
stack
page read and write
984000
heap
page read and write
F90000
heap
page read and write
4CB0000
direct allocation
page read and write
5340000
direct allocation
page execute and read and write
984000
heap
page read and write
23630000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
2BCE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
422F000
stack
page read and write
466F000
stack
page read and write
D85000
heap
page read and write
30FE000
stack
page read and write
44BF000
stack
page read and write
984000
heap
page read and write
48E1000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
31BF000
stack
page read and write
4DC0000
direct allocation
page execute and read and write
9D0000
direct allocation
page read and write
984000
heap
page read and write
61EB4000
direct allocation
page read and write
984000
heap
page read and write
985000
heap
page read and write
52B0000
direct allocation
page execute and read and write
2A34C000
stack
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
31FF000
stack
page read and write
4981000
heap
page read and write
52D0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
10A0000
direct allocation
page read and write
554F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D55C000
heap
page read and write
4CB0000
direct allocation
page read and write
455E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D55D000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
406E000
stack
page read and write
4DD0000
direct allocation
page execute and read and write
376F000
stack
page read and write
985000
heap
page read and write
F94000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
10C0000
heap
page read and write
3B2F000
stack
page read and write
985000
heap
page read and write
362F000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
42DE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
451F000
stack
page read and write
1D572000
heap
page read and write
4981000
heap
page read and write
920000
heap
page read and write
5150000
direct allocation
page read and write
128C000
heap
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
47D1000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
914000
heap
page read and write
1D565000
heap
page read and write
3DED000
stack
page read and write
984000
heap
page read and write
4981000
heap
page read and write
10A0000
direct allocation
page read and write
F94000
heap
page read and write
426000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
49A0000
heap
page read and write
52D0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
11FC000
unkown
page execute and write copy
984000
heap
page read and write
436F000
stack
page read and write
4F60000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
A20000
heap
page read and write
47D1000
heap
page read and write
1D55C000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
2A5E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
42AF000
stack
page read and write
4C51000
heap
page read and write
6898000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
2C20000
direct allocation
page read and write
4FB0000
direct allocation
page execute and read and write
984000
heap
page read and write
23610000
heap
page read and write
47AF000
stack
page read and write
412E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
931000
unkown
page execute and write copy
984000
heap
page read and write
237FE000
heap
page read and write
984000
heap
page read and write
442E000
stack
page read and write
44EE000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
4C51000
heap
page read and write
68C000
unkown
page execute and read and write
10FE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
173F000
stack
page read and write
984000
heap
page read and write
52D0000
direct allocation
page execute and read and write
3C9E000
stack
page read and write
426E000
stack
page read and write
4C51000
heap
page read and write
4981000
heap
page read and write
CBE000
stack
page read and write
12BE000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
2C3B000
heap
page read and write
4981000
heap
page read and write
AAF000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
985000
heap
page read and write
1D57D000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1287000
heap
page read and write
4C4000
unkown
page execute and read and write
4DF0000
direct allocation
page execute and read and write
100000
unkown
page read and write
985000
heap
page read and write
4C40000
direct allocation
page read and write
4C51000
heap
page read and write
4EF0000
direct allocation
page execute and read and write
DE0000
direct allocation
page read and write
1D55C000
heap
page read and write
2C30000
heap
page read and write
984000
heap
page read and write
366E000
stack
page read and write
52D0000
direct allocation
page execute and read and write
984000
heap
page read and write
980000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3ABE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
2F1E000
stack
page read and write
984000
heap
page read and write
426000
unkown
page execute and write copy
F94000
heap
page read and write
984000
heap
page read and write
DE0000
direct allocation
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
11F0000
heap
page read and write
1D532000
heap
page read and write
9CE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
10BF000
stack
page read and write
2E50000
heap
page read and write
DE0000
direct allocation
page read and write
4CB0000
direct allocation
page read and write
984000
heap
page read and write
39EF000
stack
page read and write
1D530000
heap
page read and write
ABB000
heap
page read and write
990000
unkown
page readonly
6C9D0000
unkown
page readonly
984000
heap
page read and write
984000
heap
page read and write
EAC000
stack
page read and write
984000
heap
page read and write
2D3F000
stack
page read and write
984000
heap
page read and write
1D557000
heap
page read and write
984000
heap
page read and write
7540000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
162000
unkown
page execute and read and write
984000
heap
page read and write
6CBB5000
unkown
page readonly
4FA0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
910000
heap
page read and write
6CBAF000
unkown
page write copy
984000
heap
page read and write
2367E000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
B95000
unkown
page execute and read and write
11AE000
stack
page read and write
1D557000
heap
page read and write
984000
heap
page read and write
169000
unkown
page write copy
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
42AF000
stack
page read and write
984000
heap
page read and write
4E70000
direct allocation
page execute and read and write
984000
heap
page read and write
EF7000
stack
page read and write
302000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
332F000
stack
page read and write
605B000
stack
page read and write
2E70000
heap
page read and write
4BAE000
stack
page read and write
61ED3000
direct allocation
page read and write
A34000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C60000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D55F000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D562000
heap
page read and write
4C70000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
2A9E000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
483F000
stack
page read and write
10A0000
direct allocation
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
61ED4000
direct allocation
page readonly
A4D000
heap
page read and write
46AE000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
307F000
stack
page read and write
984000
heap
page read and write
D99000
unkown
page write copy
6891000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
140E000
stack
page read and write
3F1E000
stack
page read and write
984000
heap
page read and write
1D580000
heap
page read and write
984000
heap
page read and write
4E90000
direct allocation
page execute and read and write
7550000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
112A000
heap
page read and write
2F60000
heap
page read and write
984000
heap
page read and write
5CC000
unkown
page execute and write copy
4B6F000
stack
page read and write
984000
heap
page read and write
F94000
heap
page read and write
F94000
heap
page read and write
47DE000
stack
page read and write
984000
heap
page read and write
930000
heap
page read and write
23720000
trusted library allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
466F000
stack
page read and write
4981000
heap
page read and write
13BF000
stack
page read and write
64FE000
stack
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
46AE000
stack
page read and write
984000
heap
page read and write
3AFE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1CD8F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4CC0000
heap
page read and write
9F0000
heap
page read and write
5A6D000
stack
page read and write
9D0000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
323E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
48DF000
stack
page read and write
984000
heap
page read and write
47EE000
stack
page read and write
4D10000
direct allocation
page read and write
DFA000
heap
page read and write
984000
heap
page read and write
163E000
stack
page read and write
2BDC000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3B5E000
stack
page read and write
C72000
unkown
page execute and read and write
984000
heap
page read and write
3CFF000
stack
page read and write
984000
heap
page read and write
1D580000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
29DE000
stack
page read and write
985000
heap
page read and write
352E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
985000
heap
page read and write
5260000
direct allocation
page execute and read and write
D30000
unkown
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
984000
heap
page read and write
437E000
stack
page read and write
984000
heap
page read and write
2AA7000
heap
page read and write
100000
unkown
page readonly
2D2F000
stack
page read and write
984000
heap
page read and write
1D57A000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
D92000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
39AE000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
EF2000
stack
page read and write
476E000
stack
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
518E000
stack
page read and write
2368A000
heap
page read and write
56CE000
stack
page read and write
2AA0000
direct allocation
page execute and read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
6BB0000
trusted library allocation
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
41FF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
2C1E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4D20000
trusted library allocation
page read and write
DE0000
direct allocation
page read and write
405E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D572000
heap
page read and write
1D565000
heap
page read and write
312F000
stack
page read and write
984000
heap
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
3FAF000
stack
page read and write
4981000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
23610000
trusted library allocation
page read and write
984000
heap
page read and write
985000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
5150000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
34BE000
stack
page read and write
2FAE000
stack
page read and write
F94000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
45FE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
9D0000
direct allocation
page read and write
2C37000
heap
page read and write
36BF000
stack
page read and write
4981000
heap
page read and write
1260000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
316E000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
80C000
unkown
page execute and read and write
4871000
heap
page read and write
984000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
984000
heap
page read and write
4C51000
heap
page read and write
A90000
heap
page read and write
10A0000
direct allocation
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
423E000
stack
page read and write
985000
heap
page read and write
1D04E000
stack
page read and write
4981000
heap
page read and write
984000
heap
page read and write
1D543000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D41D000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
23610000
trusted library allocation
page read and write
45BF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
37AE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
34AE000
stack
page read and write
984000
heap
page read and write
1262000
heap
page read and write
984000
heap
page read and write
4F50000
direct allocation
page execute and read and write
984000
heap
page read and write
343F000
stack
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
103E000
unkown
page execute and read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
DCE000
stack
page read and write
5CA000
unkown
page execute and read and write
984000
heap
page read and write
2AD0000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
AC2000
heap
page read and write
984000
heap
page read and write
930000
heap
page read and write
30EE000
stack
page read and write
984000
heap
page read and write
AC2000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D55D000
heap
page read and write
984000
heap
page read and write
A76000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4990000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
2F3F000
stack
page read and write
985000
heap
page read and write
5BC000
stack
page read and write
1D568000
heap
page read and write
5310000
direct allocation
page execute and read and write
D10000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
4981000
heap
page read and write
1260000
heap
page read and write
5260000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
5290000
direct allocation
page execute and read and write
3E7E000
stack
page read and write
347E000
stack
page read and write
38EE000
stack
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
2FEF000
stack
page read and write
1D54B000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
35BF000
stack
page read and write
36FE000
stack
page read and write
984000
heap
page read and write
322E000
stack
page read and write
2ADE000
heap
page read and write
2EDE000
stack
page read and write
2C10000
direct allocation
page read and write
2F67000
heap
page read and write
984000
heap
page read and write
2FBC000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
891B000
stack
page read and write
4DC1000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
386E000
stack
page read and write
CAD000
unkown
page execute and read and write
E20000
heap
page read and write
F94000
heap
page read and write
4F80000
direct allocation
page execute and read and write
ABE000
heap
page read and write
137E000
stack
page read and write
984000
heap
page read and write
3B6E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
C95000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
991000
unkown
page execute and write copy
984000
heap
page read and write
3EEF000
stack
page read and write
2AC0000
direct allocation
page execute and read and write
984000
heap
page read and write
1D57A000
heap
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
65FF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
416F000
stack
page read and write
4C51000
heap
page read and write
1D55C000
heap
page read and write
930000
unkown
page execute and read and write
3E0000
unkown
page execute and read and write
984000
heap
page read and write
4C51000
heap
page read and write
985000
heap
page read and write
52D0000
direct allocation
page execute and read and write
984000
heap
page read and write
376F000
stack
page read and write
11A5000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
ABF000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
4E60000
direct allocation
page execute and read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
44FE000
stack
page read and write
37FF000
stack
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
40E000
unkown
page execute and read and write
4981000
heap
page read and write
2E2F000
stack
page read and write
984000
heap
page read and write
3EDF000
stack
page read and write
31FE000
stack
page read and write
AAE000
heap
page read and write
984000
heap
page read and write
4DE0000
direct allocation
page execute and read and write
984000
heap
page read and write
4A2F000
stack
page read and write
F20000
heap
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
40EF000
stack
page read and write
2A8E000
stack
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
1D29D000
stack
page read and write
984000
heap
page read and write
1D564000
heap
page read and write
162000
unkown
page execute and read and write
984000
heap
page read and write
A6E000
heap
page read and write
4C51000
heap
page read and write
123B000
heap
page read and write
10A0000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
5300000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
1D561000
heap
page read and write
984000
heap
page read and write
101000
unkown
page execute and write copy
4C40000
direct allocation
page read and write
984000
heap
page read and write
406E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
447F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
1D549000
heap
page read and write
984000
heap
page read and write
40E000
unkown
page execute and read and write
984000
heap
page read and write
985000
heap
page read and write
1D578000
heap
page read and write
2CAF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
3C6F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C20000
trusted library allocation
page read and write
1D579000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
100000
unkown
page read and write
984000
heap
page read and write
C9E000
unkown
page execute and read and write
984000
heap
page read and write
4CC1000
heap
page read and write
984000
heap
page read and write
5084000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4EE0000
direct allocation
page execute and read and write
4CC1000
heap
page read and write
4E80000
direct allocation
page execute and read and write
3B1F000
stack
page read and write
23750000
trusted library allocation
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
366E000
stack
page read and write
1056000
unkown
page execute and write copy
4C40000
direct allocation
page read and write
169000
unkown
page write copy
38DE000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
AD1000
unkown
page execute and write copy
2F7F000
stack
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
1D549000
heap
page read and write
329E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D541000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
393F000
stack
page read and write
984000
heap
page read and write
43EF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
4E50000
direct allocation
page execute and read and write
2E6E000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
4EC0000
direct allocation
page execute and read and write
984000
heap
page read and write
46FF000
stack
page read and write
544E000
stack
page read and write
5260000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
1D534000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1116000
heap
page read and write
61B5000
heap
page read and write
456E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
3EEF000
stack
page read and write
2E3F000
stack
page read and write
984000
heap
page read and write
5250000
direct allocation
page execute and read and write
1D6A3000
heap
page read and write
3C2E000
stack
page read and write
984000
heap
page read and write
1D561000
heap
page read and write
43DF000
stack
page read and write
DE0000
direct allocation
page read and write
4CB0000
direct allocation
page read and write
985000
heap
page read and write
984000
heap
page read and write
389F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D14F000
stack
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4D00000
direct allocation
page read and write
984000
heap
page read and write
F94000
heap
page read and write
DE0000
direct allocation
page read and write
9D0000
direct allocation
page read and write
984000
heap
page read and write
433F000
stack
page read and write
4981000
heap
page read and write
F94000
heap
page read and write
39EF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
50E0000
direct allocation
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
3C5F000
stack
page read and write
AB9000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
990000
unkown
page read and write
1D54B000
heap
page read and write
3CAE000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
1D54B000
heap
page read and write
4F80000
direct allocation
page execute and read and write
50C000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
100000
unkown
page readonly
ADA000
heap
page read and write
236D1000
heap
page read and write
1D55D000
heap
page read and write
5330000
direct allocation
page execute and read and write
1D53F000
heap
page read and write
2AD7000
heap
page read and write
5320000
direct allocation
page execute and read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
D40000
heap
page read and write
984000
heap
page read and write
11E0000
heap
page read and write
16B000
unkown
page execute and read and write
984000
heap
page read and write
4EC0000
direct allocation
page execute and read and write
1D54B000
heap
page read and write
3BFF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
4F00000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
365E000
stack
page read and write
1D578000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
DE0000
direct allocation
page read and write
169000
unkown
page write copy
984000
heap
page read and write
3F7F000
stack
page read and write
985000
heap
page read and write
A40000
heap
page read and write
984000
heap
page read and write
48E1000
heap
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
D31000
unkown
page execute and write copy
4C3F000
stack
page read and write
984000
heap
page read and write
144B000
heap
page read and write
984000
heap
page read and write
423F000
stack
page read and write
984000
heap
page read and write
2B1E000
stack
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
383F000
stack
page read and write
6C931000
unkown
page execute read
984000
heap
page read and write
6C9AD000
unkown
page readonly
61E01000
direct allocation
page execute read
9D0000
direct allocation
page read and write
6C9C2000
unkown
page readonly
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4E30000
direct allocation
page execute and read and write
43EF000
stack
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
4E70000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
919000
unkown
page execute and read and write
326F000
stack
page read and write
984000
heap
page read and write
AAE000
heap
page read and write
4F10000
direct allocation
page execute and read and write
4E20000
direct allocation
page execute and read and write
4996000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
418000
unkown
page execute and read and write
10CA000
heap
page read and write
984000
heap
page read and write
3D3E000
stack
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
4E4F000
stack
page read and write
2C10000
direct allocation
page read and write
F94000
heap
page read and write
984000
heap
page read and write
BE0000
heap
page read and write
5080000
heap
page read and write
2C20000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
5230000
direct allocation
page execute and read and write
4981000
heap
page read and write
1D572000
heap
page read and write
6890000
heap
page read and write
465F000
stack
page read and write
984000
heap
page read and write
4EB0000
direct allocation
page execute and read and write
985000
heap
page read and write
63BF000
stack
page read and write
4981000
heap
page read and write
4C40000
direct allocation
page read and write
984000
heap
page read and write
1D55C000
heap
page read and write
984000
heap
page read and write
427D000
stack
page read and write
1D541000
heap
page read and write
1D55D000
heap
page read and write
100000
unkown
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
DFE000
heap
page read and write
57CF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3AEE000
stack
page read and write
1D571000
heap
page read and write
984000
heap
page read and write
616E000
stack
page read and write
1D542000
heap
page read and write
2C20000
direct allocation
page read and write
52D0000
direct allocation
page execute and read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
984000
heap
page read and write
35AF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
10A0000
direct allocation
page read and write
4C51000
heap
page read and write
426000
unkown
page execute and write copy
984000
heap
page read and write
984000
heap
page read and write
3D6E000
stack
page read and write
1D580000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
F3A000
heap
page read and write
984000
heap
page read and write
DE0000
direct allocation
page read and write
985000
heap
page read and write
41AE000
stack
page read and write
61B6000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
11B0000
heap
page read and write
984000
heap
page read and write
1410000
heap
page read and write
984000
heap
page read and write
5C6E000
stack
page read and write
113D000
stack
page read and write
984000
heap
page read and write
45FF000
stack
page read and write
984000
heap
page read and write
A0C000
unkown
page write copy
30AF000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
5260000
direct allocation
page execute and read and write
984000
heap
page read and write
985000
heap
page read and write
372E000
stack
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
302E000
stack
page read and write
984000
heap
page read and write
13FD000
stack
page read and write
985000
heap
page read and write
CAE000
unkown
page execute and write copy
984000
heap
page read and write
914000
heap
page read and write
540B000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
581E000
stack
page read and write
10A0000
direct allocation
page read and write
416F000
stack
page read and write
9D9000
unkown
page execute and read and write
2AB0000
direct allocation
page execute and read and write
50CC000
stack
page read and write
31EF000
stack
page read and write
4981000
heap
page read and write
ABF000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
A6B000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
52F0000
direct allocation
page execute and read and write
47D1000
heap
page read and write
984000
heap
page read and write
437F000
stack
page read and write
4C10000
heap
page read and write
984000
heap
page read and write
754E000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
52D0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
47D1000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
CFD000
stack
page read and write
3BBF000
stack
page read and write
12C5000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
6CBB0000
unkown
page read and write
985000
heap
page read and write
427000
unkown
page execute and write copy
73B8000
heap
page read and write
984000
heap
page read and write
4ED0000
direct allocation
page execute and read and write
6898000
heap
page read and write
47B0000
heap
page read and write
302000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
23674000
heap
page read and write
984000
heap
page read and write
11FF000
stack
page read and write
4CC1000
heap
page read and write
1D54D000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
9D0000
direct allocation
page read and write
984000
heap
page read and write
8EE000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
11FA000
unkown
page execute and read and write
984000
heap
page read and write
418000
unkown
page execute and read and write
33EE000
stack
page read and write
1CC8E000
stack
page read and write
984000
heap
page read and write
492E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
6C9BE000
unkown
page read and write
4E80000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
33AF000
stack
page read and write
346F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
D20000
direct allocation
page execute and read and write
984000
heap
page read and write
1090000
heap
page read and write
169000
unkown
page write copy
52F0000
direct allocation
page execute and read and write
984000
heap
page read and write
8FA000
stack
page read and write
985000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F3E000
heap
page read and write
347F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
401F000
stack
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
AD0000
unkown
page execute and read and write
3B6E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
5240000
direct allocation
page execute and read and write
13BE000
stack
page read and write
1D51C000
stack
page read and write
984000
heap
page read and write
511B000
stack
page read and write
1D580000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
337E000
stack
page read and write
4C51000
heap
page read and write
558E000
stack
page read and write
426000
unkown
page execute and read and write
4981000
heap
page read and write
984000
heap
page read and write
153E000
stack
page read and write
984000
heap
page read and write
2C10000
direct allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
3FBE000
stack
page read and write
4DF0000
direct allocation
page execute and read and write
418000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3A2E000
stack
page read and write
984000
heap
page read and write
AAE000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D579000
heap
page read and write
984000
heap
page read and write
4C50000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
106E000
stack
page read and write
68B4000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
38AF000
stack
page read and write
6C9D1000
unkown
page execute read
4F20000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
568E000
stack
page read and write
A90000
heap
page read and write
4EA0000
direct allocation
page execute and read and write
1D542000
heap
page read and write
985000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
7550000
heap
page read and write
4C51000
heap
page read and write
4F50000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
3EAD000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
23676000
heap
page read and write
33EE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
383E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4970000
trusted library allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
2E77000
heap
page read and write
2A9E000
stack
page read and write
1056000
unkown
page execute and read and write
3E0000
unkown
page execute and read and write
984000
heap
page read and write
23690000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
DE0000
direct allocation
page read and write
984000
heap
page read and write
2F5E000
stack
page read and write
D30000
heap
page read and write
984000
heap
page read and write
1235000
heap
page read and write
23687000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1440000
heap
page read and write
3CAE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
397F000
stack
page read and write
426000
unkown
page execute and read and write
11A0000
heap
page read and write
2A1E000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
4F5000
unkown
page execute and read and write
984000
heap
page read and write
2C5B000
stack
page read and write
984000
heap
page read and write
37AE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
237B0000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
EFB000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
FAD000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
1D00F000
stack
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
1D557000
heap
page read and write
984000
heap
page read and write
39BE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
32AE000
stack
page read and write
4CC1000
heap
page read and write
352E000
stack
page read and write
325F000
stack
page read and write
145C000
heap
page read and write
5090000
trusted library allocation
page read and write
1420000
heap
page read and write
68A000
unkown
page write copy
16B000
unkown
page execute and read and write
16B000
unkown
page execute and read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
45EF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1252000
heap
page read and write
984000
heap
page read and write
163F000
stack
page read and write
A90000
heap
page read and write
984000
heap
page read and write
23678000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
4981000
heap
page read and write
3DEE000
stack
page read and write
984000
heap
page read and write
4DC0000
trusted library allocation
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
35BE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
40BF000
stack
page read and write
4870000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
311F000
stack
page read and write
940000
heap
page read and write
984000
heap
page read and write
920000
unkown
page execute and read and write
984000
heap
page read and write
10A0000
direct allocation
page read and write
AD8000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
ABE000
heap
page read and write
984000
heap
page read and write
A49000
heap
page read and write
984000
heap
page read and write
F94000
heap
page read and write
4981000
heap
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
49BF000
stack
page read and write
4C51000
heap
page read and write
237EE000
heap
page read and write
984000
heap
page read and write
23650000
heap
page read and write
985000
heap
page read and write
68A000
unkown
page read and write
984000
heap
page read and write
1146000
heap
page read and write
984000
heap
page read and write
387E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
5CA000
unkown
page execute and read and write
4E00000
direct allocation
page execute and read and write
2E40000
heap
page read and write
1D565000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
1D580000
heap
page read and write
427000
unkown
page execute and write copy
1D565000
heap
page read and write
984000
heap
page read and write
2C1F000
stack
page read and write
2E3E000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
4F3F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4981000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
9E0000
heap
page read and write
52E0000
direct allocation
page execute and read and write
415F000
stack
page read and write
984000
heap
page read and write
B6C000
stack
page read and write
52B0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
521F000
stack
page read and write
984000
heap
page read and write
35FE000
stack
page read and write
23710000
trusted library allocation
page read and write
52E0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3E6F000
stack
page read and write
34DF000
stack
page read and write
10A0000
direct allocation
page read and write
52A0000
direct allocation
page execute and read and write
9D0000
direct allocation
page read and write
333F000
stack
page read and write
4C51000
heap
page read and write
51B1000
direct allocation
page read and write
984000
heap
page read and write
5D6E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
50E0000
direct allocation
page read and write
F94000
heap
page read and write
1D565000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
169000
unkown
page write copy
2F6F000
stack
page read and write
D9B000
unkown
page execute and read and write
4981000
heap
page read and write
984000
heap
page read and write
2AC0000
direct allocation
page execute and read and write
7541000
heap
page read and write
4E60000
direct allocation
page execute and read and write
984000
heap
page read and write
126A000
heap
page read and write
1210000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
4AFF000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
6891000
heap
page read and write
984000
heap
page read and write
1D572000
heap
page read and write
5100000
trusted library allocation
page read and write
2C27000
heap
page read and write
48E0000
heap
page read and write
984000
heap
page read and write
2D5F000
stack
page read and write
4D58000
direct allocation
page read and write
984000
heap
page read and write
DE0000
direct allocation
page read and write
984000
heap
page read and write
452F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
103C000
stack
page read and write
4981000
heap
page read and write
4D4E000
stack
page read and write
3C3E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C51000
heap
page read and write
2BAF000
stack
page read and write
48BE000
stack
page read and write
984000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3E7F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4DAF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
61EB7000
direct allocation
page readonly
8FD000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4CB0000
direct allocation
page read and write
984000
heap
page read and write
6CB6F000
unkown
page readonly
1D536000
heap
page read and write
1D563000
heap
page read and write
6CBAE000
unkown
page read and write
914000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
127C000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4C40000
direct allocation
page read and write
452F000
stack
page read and write
302000
unkown
page execute and read and write
984000
heap
page read and write
1010000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
5270000
direct allocation
page execute and read and write
5CC000
unkown
page execute and write copy
984000
heap
page read and write
1D561000
heap
page read and write
4E9F000
stack
page read and write
4981000
heap
page read and write
984000
heap
page read and write
CFE000
stack
page read and write
984000
heap
page read and write
10A0000
direct allocation
page read and write
985000
heap
page read and write
4CB0000
direct allocation
page read and write
984000
heap
page read and write
991000
unkown
page execute and read and write
47D1000
heap
page read and write
3F2E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
237FC000
heap
page read and write
2B9E000
stack
page read and write
984000
heap
page read and write
6892000
heap
page read and write
F94000
heap
page read and write
984000
heap
page read and write
2FDF000
stack
page read and write
A0C000
unkown
page read and write
61AE000
stack
page read and write
984000
heap
page read and write
4D9C000
stack
page read and write
985000
heap
page read and write
984000
heap
page read and write
5A7000
unkown
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
125D000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
52C0000
direct allocation
page execute and read and write
36FF000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
615C000
stack
page read and write
47D0000
heap
page read and write
984000
heap
page read and write
34EF000
stack
page read and write
2E7D000
heap
page read and write
42EE000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D565000
heap
page read and write
4C51000
heap
page read and write
101000
unkown
page execute and write copy
47D1000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
3EBE000
stack
page read and write
4CAE000
stack
page read and write
984000
heap
page read and write
985000
heap
page read and write
984000
heap
page read and write
375F000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
1CF0E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
440000
unkown
page read and write
984000
heap
page read and write
984000
heap
page read and write
1D580000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
F32000
unkown
page execute and read and write
2A451000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
5300000
direct allocation
page execute and read and write
4C51000
heap
page read and write
DE0000
direct allocation
page read and write
4C51000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
1048000
unkown
page execute and read and write
3E3F000
stack
page read and write
16B000
unkown
page execute and read and write
984000
heap
page read and write
5370000
direct allocation
page execute and read and write
984000
heap
page read and write
984000
heap
page read and write
2A450000
heap
page read and write
5360000
direct allocation
page execute and read and write
984000
heap
page read and write
441E000
stack
page read and write
984000
heap
page read and write
984000
heap
page read and write
487F000
stack
page read and write
984000
heap
page read and write
F94000
heap
page read and write
A0F000
unkown
page execute and read and write
419E000
stack
page read and write
3DDE000
stack
page read and write
2C3E000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
984000
heap
page read and write
4EB0000
direct allocation
page execute and read and write
985000
heap
page read and write
40FF000
stack
page read and write
There are 2248 hidden memdumps, click here to show them.