IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\rh[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008589001\rh.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsJDGCGHCGHC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\DHDHCGHDHIDHCBGCBGCAEBAKEH
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EHCBAAAFHJDHJJKEBGHIECAKJK
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EHJJKFCBGIDGHIECGCBK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\JJDGIIDH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\JJKFBFIJJECGCAAAFCBG
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\KKFBFCAF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KKFBFCAFCBKFIEBFHIDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0e8daea0-24e3-4bdc-be74-d6789d60abc4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1036c524-4b3c-4291-beb4-509d710fbc39.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\274a859b-d6cd-402e-b8f5-a73b2e6ea248.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3fa27178-0119-4fa6-baa0-fc03f931ec37.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8437c07c-4909-442f-972e-1af5c530363a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\66c9d6dc-72d1-4da7-a862-f40aa4e14ff9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67429B83-684.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\08b36fed-69a7-40d1-a669-84919e605d01.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\13270550-9476-4768-aefe-fe6c0eba144d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\20f6f1af-33da-4c06-98b6-b5a218280b17.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2d8f0b1d-ad48-408a-bb35-938f213b24d4.tmp
Unicode text, UTF-8 text, with very long lines (17589), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8a4bfd4c-5113-4132-be49-c118f176818e.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\384cf1de-7ac5-483e-9d50-8188cb2f988f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\742a95b8-af85-45e4-afa1-2358be8553c2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\97b7cae7-04d6-4b62-8bcf-933fc6c5b664.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4d211.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3bcd9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3d8ec.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b7efbc7c-417c-4d60-b160-d767c7ce6065.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b90d1c21-46e1-471b-8210-9e0c92e106e4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d0f2e3f2-a23b-471a-949c-70b190ef5084.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40cae.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44d41.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4c271.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3ffed.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF44c86.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376892038321249
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5eabc2ac-50f0-4af8-b877-dfa7c008d08b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\837d2f3f-aab3-4093-aab1-144df7423e58.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3d8ec.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\be678a04-cc8f-4609-aaa9-f2188a350f64.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d5f56784-afc8-4052-b62a-5d06d693d69a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a0b22b6f-0771-4e84-b5f9-f98df829b4f2.tmp
Unicode text, UTF-8 text, with very long lines (17589), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b4ae3cc5-a8a6-4962-9dc5-91cd4f0c572b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bad07d72-5e4b-4e51-a99f-03d94e3600ec.tmp
Unicode text, UTF-8 text, with very long lines (17424), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d41d0580-db88-469a-8071-1667250d510a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3af9a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3afaa.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b121.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3d821.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41f0d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4c252.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF51d34.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c16c520a-2f7c-45fc-860b-e4ebdd2f942b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\db7dfa77-6ca0-4572-abee-13d63040cb5f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f124a1a2-883b-419c-a7f3-9bfd3e2e2fad.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\41881d7e-c420-472f-9882-41ec15a442b3.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\4418a1c1-f71d-4ed9-bb43-f5cc0882e8ee.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\85ab73aa-31c6-40ba-ac30-0a48fc7aea22.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\937d9c70-550d-46d3-af4c-e0cd221059c6.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a3483c45-6ba8-4b6a-8495-195e9dd1a1bc.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\b38f6c6c-4c1f-4ed0-ab27-70a4acfb2549.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\f2e7b281-5bf7-4eb5-ae3c-87f701a0536f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_1096916990\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_1096916990\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_1096916990\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_1096916990\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_1096916990\f2e7b281-5bf7-4eb5-ae3c-87f701a0536f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\4418a1c1-f71d-4ed9-bb43-f5cc0882e8ee.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1668_2124305844\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2692 --field-trial-handle=2376,i,6617676585187416704,17059390612542835592,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2172,i,2543754135559751923,12033645619070038089,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2760 --field-trial-handle=2032,i,13800735472170156526,8368186768168770394,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6216 --field-trial-handle=2032,i,13800735472170156526,8368186768168770394,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6436 --field-trial-handle=2032,i,13800735472170156526,8368186768168770394,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7148 --field-trial-handle=2032,i,13800735472170156526,8368186768168770394,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7148 --field-trial-handle=2032,i,13800735472170156526,8368186768168770394,262144 /prefetch:8
malicious
C:\Users\user\DocumentsJDGCGHCGHC.exe
"C:\Users\user\DocumentsJDGCGHCGHC.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6120 --field-trial-handle=2032,i,13800735472170156526,8368186768168770394,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1008589001\rh.exe
"C:\Users\user\AppData\Local\Temp\1008589001\rh.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDGCGHCGHC.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
4B70000
direct allocation
page execute and read and write
1D492000
heap
page read and write
C10000
direct allocation
page read and write
4FFE000
stack
page read and write
322F000
stack
page read and write
1080000
direct allocation
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
2C2F000
stack
page read and write
49B0000
direct allocation
page execute and read and write
A90000
direct allocation
page read and write
61ECD000
direct allocation
page readonly
3A6E000
stack
page read and write
4851000
heap
page read and write
48D0000
heap
page read and write
B84000
heap
page read and write
590000
heap
page read and write
AA4000
heap
page read and write
1080000
direct allocation
page read and write
B80000
heap
page read and write
B84000
heap
page read and write
3C0E000
stack
page read and write
3E2E000
stack
page read and write
4BF0000
direct allocation
page execute and read and write
E18000
heap
page read and write
4E50000
direct allocation
page execute and read and write
48B1000
heap
page read and write
DF7000
unkown
page execute and write copy
35DF000
stack
page read and write
4571000
heap
page read and write
2CA0000
direct allocation
page execute and read and write
DF2000
heap
page read and write
4C00000
direct allocation
page execute and read and write
5E4000
heap
page read and write
5E4000
heap
page read and write
6FCE1000
unkown
page execute read
434F000
stack
page read and write
1D37B000
heap
page read and write
4C39000
stack
page read and write
3D5F000
stack
page read and write
DF2000
heap
page read and write
A84000
heap
page read and write
582E000
stack
page read and write
4851000
heap
page read and write
4EDE000
stack
page read and write
E1C000
heap
page read and write
23420000
heap
page read and write
B84000
heap
page read and write
1D3A0000
heap
page read and write
A90000
direct allocation
page read and write
28EF000
stack
page read and write
4E40000
direct allocation
page execute and read and write
B38000
unkown
page execute and read and write
339E000
stack
page read and write
AA4000
heap
page read and write
DD9000
heap
page read and write
1D38B000
heap
page read and write
32EE000
stack
page read and write
4B50000
direct allocation
page execute and read and write
3D2F000
stack
page read and write
8FD000
stack
page read and write
CC0000
direct allocation
page read and write
101D000
unkown
page execute and read and write
41AF000
stack
page read and write
B84000
heap
page read and write
48B0000
heap
page read and write
39AF000
stack
page read and write
1D3BC000
heap
page read and write
50E000
unkown
page execute and write copy
61E00000
direct allocation
page execute and read and write
48B1000
heap
page read and write
A80000
heap
page read and write
1080000
direct allocation
page read and write
E06000
heap
page read and write
750000
heap
page read and write
C20000
direct allocation
page execute and read and write
C99000
unkown
page write copy
760000
heap
page read and write
4851000
heap
page read and write
4EB0000
direct allocation
page execute and read and write
AA4000
heap
page read and write
4EC0000
direct allocation
page execute and read and write
4851000
heap
page read and write
48B1000
heap
page read and write
631F000
stack
page read and write
36CF000
stack
page read and write
23400000
trusted library allocation
page read and write
49A0000
direct allocation
page execute and read and write
3B2E000
stack
page read and write
438E000
stack
page read and write
B84000
heap
page read and write
4391000
heap
page read and write
B84000
heap
page read and write
84E000
stack
page read and write
4C00000
direct allocation
page execute and read and write
4B40000
direct allocation
page execute and read and write
30EF000
stack
page read and write
3C6E000
stack
page read and write
48B1000
heap
page read and write
4851000
heap
page read and write
1D394000
heap
page read and write
426E000
stack
page read and write
A80000
heap
page read and write
48B1000
heap
page read and write
562E000
stack
page read and write
E0E000
heap
page read and write
F37000
unkown
page execute and read and write
DF8000
unkown
page execute and write copy
B84000
heap
page read and write
4FF000
unkown
page execute and read and write
C99000
unkown
page write copy
4391000
heap
page read and write
D21000
unkown
page execute and write copy
1161000
heap
page read and write
1D37E000
heap
page read and write
49F0000
direct allocation
page execute and read and write
4851000
heap
page read and write
4851000
heap
page read and write
3F0000
direct allocation
page read and write
64C0000
heap
page read and write
4A30000
trusted library allocation
page read and write
3B6F000
stack
page read and write
12F8000
heap
page read and write
C99000
unkown
page write copy
11DA000
unkown
page execute and read and write
6390000
heap
page read and write
E11000
heap
page read and write
BC0000
direct allocation
page read and write
B84000
heap
page read and write
CC0000
direct allocation
page read and write
2A4C5000
heap
page read and write
E07000
heap
page read and write
F4D000
unkown
page execute and write copy
4DA0000
heap
page read and write
1D3B9000
heap
page read and write
A90000
direct allocation
page read and write
2E8E000
stack
page read and write
10F2000
unkown
page execute and write copy
61EB4000
direct allocation
page read and write
3F0000
direct allocation
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
10F0000
unkown
page execute and read and write
302F000
stack
page read and write
1080000
direct allocation
page read and write
1D3A1000
heap
page read and write
48B1000
heap
page read and write
4851000
heap
page read and write
400000
heap
page read and write
48B1000
heap
page read and write
1D397000
heap
page read and write
A84000
heap
page read and write
4851000
heap
page read and write
82DC000
stack
page read and write
4C50000
direct allocation
page execute and read and write
102E000
unkown
page execute and read and write
4BE0000
direct allocation
page execute and read and write
1D3BC000
heap
page read and write
123E000
stack
page read and write
4851000
heap
page read and write
B84000
heap
page read and write
4F00000
direct allocation
page execute and read and write
4E10000
direct allocation
page execute and read and write
B84000
heap
page read and write
1080000
direct allocation
page read and write
4851000
heap
page read and write
1D3A1000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
1060000
heap
page read and write
5C4B000
stack
page read and write
E27000
heap
page read and write
5B60000
heap
page read and write
2386C000
heap
page read and write
451E000
stack
page read and write
380F000
stack
page read and write
9B5000
unkown
page execute and read and write
80E000
stack
page read and write
DC2000
heap
page read and write
B84000
heap
page read and write
4A51000
direct allocation
page read and write
4A10000
direct allocation
page execute and read and write
E18000
heap
page read and write
1D399000
heap
page read and write
4851000
heap
page read and write
48A0000
heap
page read and write
109A000
heap
page read and write
4581000
heap
page read and write
BC0000
direct allocation
page read and write
B50000
direct allocation
page read and write
384F000
stack
page read and write
AA4000
heap
page read and write
5E4000
heap
page read and write
1D3B7000
heap
page read and write
1D3A1000
heap
page read and write
37AF000
stack
page read and write
389E000
stack
page read and write
D30000
direct allocation
page read and write
4851000
heap
page read and write
6CBAF000
unkown
page readonly
371F000
stack
page read and write
B84000
heap
page read and write
474E000
stack
page read and write
E27000
heap
page read and write
4A80000
direct allocation
page read and write
48B1000
heap
page read and write
1D3BA000
heap
page read and write
CC0000
direct allocation
page read and write
2A2E000
stack
page read and write
B84000
heap
page read and write
4B50000
direct allocation
page execute and read and write
1D3B0000
heap
page read and write
A8F000
stack
page read and write
B84000
heap
page read and write
AA4000
heap
page read and write
1D3A1000
heap
page read and write
1D3BC000
heap
page read and write
259000
unkown
page write copy
E27000
heap
page read and write
F4E000
unkown
page execute and write copy
D9C000
heap
page read and write
CC0000
direct allocation
page read and write
AA4000
heap
page read and write
A10000
heap
page read and write
B84000
heap
page read and write
1D39D000
heap
page read and write
4C80000
direct allocation
page execute and read and write
B84000
heap
page read and write
592E000
stack
page read and write
1D3A1000
heap
page read and write
576D000
stack
page read and write
4B30000
direct allocation
page execute and read and write
64C2000
heap
page read and write
3F6E000
stack
page read and write
411F000
stack
page read and write
48B1000
heap
page read and write
AA4000
heap
page read and write
AA4000
heap
page read and write
4970000
direct allocation
page execute and read and write
23464000
heap
page read and write
398E000
stack
page read and write
F97000
unkown
page execute and read and write
B84000
heap
page read and write
4851000
heap
page read and write
470F000
stack
page read and write
4851000
heap
page read and write
2C6F000
stack
page read and write
358F000
stack
page read and write
2D4E000
stack
page read and write
B84000
heap
page read and write
3ACE000
stack
page read and write
B84000
heap
page read and write
3EAF000
stack
page read and write
AA4000
heap
page read and write
38AE000
stack
page read and write
34DE000
stack
page read and write
AA4000
heap
page read and write
12EA000
heap
page read and write
A84000
heap
page read and write
8C5000
heap
page read and write
344F000
stack
page read and write
1D38B000
heap
page read and write
B84000
heap
page read and write
45F1000
heap
page read and write
C30000
unkown
page readonly
48B1000
heap
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
F4D000
unkown
page execute and read and write
48A1000
heap
page read and write
1D396000
heap
page read and write
AA4000
heap
page read and write
48B1000
heap
page read and write
1D39B000
heap
page read and write
4851000
heap
page read and write
4851000
heap
page read and write
2E6F000
stack
page read and write
B84000
heap
page read and write
8D7000
heap
page read and write
B84000
heap
page read and write
AA4000
heap
page read and write
5E4000
heap
page read and write
4850000
heap
page read and write
4BE0000
direct allocation
page execute and read and write
900000
unkown
page read and write
396F000
stack
page read and write
4851000
heap
page read and write
61ED0000
direct allocation
page read and write
4D0C000
stack
page read and write
2CCC000
heap
page read and write
4C10000
direct allocation
page execute and read and write
334F000
stack
page read and write
4851000
heap
page read and write
B84000
heap
page read and write
1F0000
unkown
page readonly
B84000
heap
page read and write
4C30000
direct allocation
page execute and read and write
3FCE000
stack
page read and write
370000
heap
page read and write
B50000
direct allocation
page read and write
401E000
stack
page read and write
398F000
stack
page read and write
C31000
unkown
page execute and write copy
4EA0000
direct allocation
page execute and read and write
39AE000
stack
page read and write
45F1000
heap
page read and write
D5E000
heap
page read and write
3D6F000
stack
page read and write
E27000
heap
page read and write
2A67000
heap
page read and write
48B1000
heap
page read and write
48B1000
heap
page read and write
33EF000
stack
page read and write
B84000
heap
page read and write
1025000
unkown
page execute and read and write
B84000
heap
page read and write
479E000
stack
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
4851000
heap
page read and write
AA4000
heap
page read and write
B84000
heap
page read and write
4851000
heap
page read and write
3D9E000
stack
page read and write
3A8F000
stack
page read and write
44DF000
stack
page read and write
237C0000
trusted library allocation
page read and write
1D3A1000
heap
page read and write
382F000
stack
page read and write
40CF000
stack
page read and write
B84000
heap
page read and write
4851000
heap
page read and write
F09000
unkown
page execute and read and write
B84000
heap
page read and write
1CC9F000
stack
page read and write
D40000
direct allocation
page execute and read and write
A90000
direct allocation
page read and write
3C2F000
stack
page read and write
AA4000
heap
page read and write
4E80000
direct allocation
page execute and read and write
D9F000
unkown
page execute and read and write
438F000
stack
page read and write
462F000
stack
page read and write
48B1000
heap
page read and write
1D397000
heap
page read and write
9D3000
unkown
page execute and read and write
4B2F000
stack
page read and write
4ED0000
direct allocation
page execute and read and write
B84000
heap
page read and write
48B1000
heap
page read and write
6CBEE000
unkown
page read and write
4851000
heap
page read and write
1F0000
unkown
page read and write
48B1000
heap
page read and write
566D000
stack
page read and write
414E000
stack
page read and write
40EF000
stack
page read and write
48B1000
heap
page read and write
C31000
unkown
page execute and write copy
1D07F000
stack
page read and write
DE1000
unkown
page execute and read and write
4851000
heap
page read and write
B8F000
stack
page read and write
3D4F000
stack
page read and write
B84000
heap
page read and write
AA4000
heap
page read and write
CAE000
stack
page read and write
392E000
stack
page read and write
2353E000
stack
page read and write
103D000
unkown
page execute and read and write
B50000
direct allocation
page read and write
12CE000
heap
page read and write
B84000
heap
page read and write
466E000
stack
page read and write
2A7F000
stack
page read and write
C10000
direct allocation
page read and write
35AF000
stack
page read and write
49E0000
direct allocation
page execute and read and write
2A4C0000
heap
page read and write
6F8000
stack
page read and write
4980000
direct allocation
page execute and read and write
2EEF000
stack
page read and write
E18000
heap
page read and write
349F000
stack
page read and write
45F1000
heap
page read and write
81DC000
stack
page read and write
4851000
heap
page read and write
1D3BC000
heap
page read and write
336E000
stack
page read and write
2A5E000
stack
page read and write
523F000
stack
page read and write
31EF000
stack
page read and write
3ACF000
stack
page read and write
48B1000
heap
page read and write
424E000
stack
page read and write
B84000
heap
page read and write
1D399000
heap
page read and write
CC0000
direct allocation
page read and write
101E000
stack
page read and write
4C40000
direct allocation
page execute and read and write
4851000
heap
page read and write
E05000
heap
page read and write
61ECC000
direct allocation
page read and write
48B5000
heap
page read and write
386E000
stack
page read and write
3ADF000
stack
page read and write
3F0000
direct allocation
page read and write
CC0000
direct allocation
page read and write
B3E000
stack
page read and write
321F000
stack
page read and write
2CAE000
stack
page read and write
B50000
direct allocation
page read and write
5E4000
heap
page read and write
61DF000
stack
page read and write
4851000
heap
page read and write
F4D000
unkown
page execute and read and write
2A97000
heap
page read and write
9D0000
heap
page read and write
68B5000
heap
page read and write
1D3A1000
heap
page read and write
2346E000
heap
page read and write
48B1000
heap
page read and write
DF2000
heap
page read and write
3BEF000
stack
page read and write
4A00000
direct allocation
page execute and read and write
43DE000
stack
page read and write
10F0000
unkown
page execute and read and write
B84000
heap
page read and write
B50000
direct allocation
page read and write
456F000
stack
page read and write
E11000
heap
page read and write
284E000
stack
page read and write
DF2000
heap
page read and write
4E70000
direct allocation
page execute and read and write
10F2000
unkown
page execute and write copy
C99000
unkown
page write copy
336F000
stack
page read and write
1080000
direct allocation
page read and write
48B1000
heap
page read and write
494F000
stack
page read and write
3E6F000
stack
page read and write
6FD6E000
unkown
page read and write
4B90000
direct allocation
page execute and read and write
8F0000
heap
page read and write
4C20000
direct allocation
page execute and read and write
4BF0000
direct allocation
page execute and read and write
54EF000
stack
page read and write
4ABE000
stack
page read and write
60DE000
stack
page read and write
BC0000
direct allocation
page read and write
2EAE000
stack
page read and write
1080000
direct allocation
page read and write
48B1000
heap
page read and write
1D399000
heap
page read and write
1D393000
heap
page read and write
4870000
heap
page read and write
B4C000
unkown
page execute and read and write
AA4000
heap
page read and write
A90000
direct allocation
page read and write
1D3A1000
heap
page read and write
A84000
heap
page read and write
3BCF000
stack
page read and write
E1E000
heap
page read and write
1D397000
heap
page read and write
48B1000
heap
page read and write
3F0000
direct allocation
page read and write
840000
heap
page read and write
2B6F000
stack
page read and write
338E000
stack
page read and write
6CBF5000
unkown
page readonly
B84000
heap
page read and write
4BA0000
direct allocation
page execute and read and write
FDE000
stack
page read and write
2A60000
heap
page read and write
50D000
unkown
page execute and write copy
C30000
unkown
page readonly
68B4000
heap
page read and write
C92000
unkown
page execute and read and write
1D387000
heap
page read and write
DE8000
unkown
page execute and read and write
1D3BC000
heap
page read and write
8FD000
stack
page read and write
3CEE000
stack
page read and write
AA4000
heap
page read and write
4851000
heap
page read and write
4B50000
direct allocation
page execute and read and write
1D387000
heap
page read and write
5E56000
heap
page read and write
3D6E000
stack
page read and write
6B2000
unkown
page execute and write copy
475F000
stack
page read and write
4851000
heap
page read and write
316F000
stack
page read and write
2CB0000
direct allocation
page execute and read and write
43AE000
stack
page read and write
4B50000
direct allocation
page execute and read and write
4851000
heap
page read and write
23466000
heap
page read and write
376E000
stack
page read and write
48B1000
heap
page read and write
B84000
heap
page read and write
AA4000
heap
page read and write
513E000
stack
page read and write
19D000
stack
page read and write
BDE000
heap
page read and write
31CF000
stack
page read and write
1D393000
heap
page read and write
B84000
heap
page read and write
3F0000
direct allocation
page read and write
35CE000
stack
page read and write
48B1000
heap
page read and write
4571000
heap
page read and write
48B1000
heap
page read and write
6390000
heap
page read and write
2385E000
heap
page read and write
48B1000
heap
page read and write
CE0000
heap
page read and write
49B0000
trusted library allocation
page read and write
A90000
direct allocation
page read and write
2A90000
heap
page read and write
416E000
stack
page read and write
2CC0000
heap
page read and write
B84000
heap
page read and write
234E6000
heap
page read and write
D2C000
stack
page read and write
4FB000
heap
page read and write
332F000
stack
page read and write
F4F000
stack
page read and write
B84000
heap
page read and write
9C000
stack
page read and write
2ECF000
stack
page read and write
B84000
heap
page read and write
89E000
heap
page read and write
4851000
heap
page read and write
38EF000
stack
page read and write
39CE000
stack
page read and write
1D387000
heap
page read and write
128E000
stack
page read and write
10E2000
heap
page read and write
B84000
heap
page read and write
CC0000
direct allocation
page read and write
2A310000
heap
page read and write
48B1000
heap
page read and write
74B000
stack
page read and write
AA0000
heap
page read and write
2DAF000
stack
page read and write
1D3BC000
heap
page read and write
D30000
direct allocation
page read and write
2C1E000
stack
page read and write
C31000
unkown
page execute and write copy
4851000
heap
page read and write
F98000
unkown
page execute and write copy
CE7000
heap
page read and write
352F000
stack
page read and write
4851000
heap
page read and write
127B000
heap
page read and write
A84000
heap
page read and write
5E4000
heap
page read and write
2FAE000
stack
page read and write
CC0000
direct allocation
page read and write
4851000
heap
page read and write
348E000
stack
page read and write
442F000
stack
page read and write
B84000
heap
page read and write
34AE000
stack
page read and write
E06000
heap
page read and write
410E000
stack
page read and write
366F000
stack
page read and write
1D37E000
heap
page read and write
429E000
stack
page read and write
48B1000
heap
page read and write
23440000
heap
page read and write
31AE000
stack
page read and write
64E000
stack
page read and write
BBE000
stack
page read and write
4851000
heap
page read and write
E11000
heap
page read and write
1D3BC000
heap
page read and write
B84000
heap
page read and write
32AF000
stack
page read and write
484F000
stack
page read and write
B84000
heap
page read and write
4C00000
direct allocation
page execute and read and write
AA4000
heap
page read and write
23461000
heap
page read and write
2FEE000
stack
page read and write
1D1CD000
stack
page read and write
44CE000
stack
page read and write
C92000
unkown
page execute and read and write
412E000
stack
page read and write
2F8F000
stack
page read and write
B84000
heap
page read and write
1D395000
heap
page read and write
1D38B000
heap
page read and write
537F000
stack
page read and write
E26000
unkown
page execute and read and write
B84000
heap
page read and write
53EE000
stack
page read and write
4970000
direct allocation
page execute and read and write
B50000
direct allocation
page read and write
66FC000
stack
page read and write
3EDE000
stack
page read and write
1D490000
trusted library allocation
page read and write
638E000
heap
page read and write
F4D000
unkown
page execute and write copy
AA4000
heap
page read and write
2CB0000
direct allocation
page execute and read and write
B84000
heap
page read and write
5E4000
heap
page read and write
A90000
direct allocation
page read and write
5CC000
stack
page read and write
48B1000
heap
page read and write
B84000
heap
page read and write
BCE000
stack
page read and write
DF7000
unkown
page execute and read and write
B84000
heap
page read and write
310E000
stack
page read and write
48AF000
stack
page read and write
80FE000
stack
page read and write
B84000
heap
page read and write
452E000
stack
page read and write
B84000
heap
page read and write
298E000
stack
page read and write
326E000
stack
page read and write
48B1000
heap
page read and write
B84000
heap
page read and write
30CF000
stack
page read and write
49D0000
direct allocation
page execute and read and write
B70000
heap
page read and write
61EB7000
direct allocation
page readonly
B84000
heap
page read and write
D5A000
heap
page read and write
1CCDE000
stack
page read and write
F4E000
unkown
page execute and write copy
4851000
heap
page read and write
F09000
unkown
page execute and read and write
4DB4000
heap
page read and write
4E0F000
stack
page read and write
44EE000
stack
page read and write
E32000
heap
page read and write
48B1000
heap
page read and write
B85000
heap
page read and write
43AF000
stack
page read and write
8D0000
heap
page read and write
BD0000
heap
page read and write
4C9000
unkown
page execute and read and write
45F1000
heap
page read and write
AA4000
heap
page read and write
23850000
heap
page read and write
4C00000
direct allocation
page execute and read and write
2DEE000
stack
page read and write
6FD5D000
unkown
page readonly
3C4E000
stack
page read and write
B84000
heap
page read and write
4F7000
unkown
page execute and read and write
A90000
direct allocation
page read and write
4CA0000
direct allocation
page execute and read and write
61ED3000
direct allocation
page read and write
B84000
heap
page read and write
AA4000
heap
page read and write
BC0000
direct allocation
page read and write
45EF000
stack
page read and write
E06000
heap
page read and write
AA4000
heap
page read and write
1090000
heap
page read and write
48B1000
heap
page read and write
E05000
heap
page read and write
4851000
heap
page read and write
BC0000
direct allocation
page read and write
937000
unkown
page execute and read and write
B84000
heap
page read and write
6CA10000
unkown
page readonly
5F9E000
stack
page read and write
234C3000
heap
page read and write
2C6F000
stack
page read and write
1D3A1000
heap
page read and write
362E000
stack
page read and write
AA4000
heap
page read and write
4851000
heap
page read and write
3AEF000
stack
page read and write
AA4000
heap
page read and write
48B1000
heap
page read and write
AA4000
heap
page read and write
1D393000
heap
page read and write
DB6000
unkown
page execute and read and write
12B8000
heap
page read and write
4851000
heap
page read and write
4851000
heap
page read and write
4391000
heap
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
1D397000
heap
page read and write
11FE000
stack
page read and write
48B1000
heap
page read and write
B84000
heap
page read and write
6480000
heap
page read and write
4B50000
direct allocation
page execute and read and write
D80000
heap
page read and write
2B6E000
stack
page read and write
4913000
heap
page read and write
1D0CD000
stack
page read and write
5E4000
heap
page read and write
48B1000
heap
page read and write
1D3A0000
heap
page read and write
374E000
stack
page read and write
B84000
heap
page read and write
39EE000
stack
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
AA4000
heap
page read and write
BDA000
heap
page read and write
3D8E000
stack
page read and write
5E55000
heap
page read and write
4851000
heap
page read and write
48B1000
heap
page read and write
306E000
stack
page read and write
B84000
heap
page read and write
B84000
heap
page read and write
E18000
heap
page read and write
3F8F000
stack
page read and write
4960000
direct allocation
page execute and read and write
AA4000
heap
page read and write
402E000
stack
page read and write
3C5E000
stack
page read and write
252000
unkown
page execute and read and write
49C0000
direct allocation
page execute and read and write
465E000
stack
page read and write
2B2F000
stack
page read and write
CC0000
direct allocation
page read and write
B85000
heap
page read and write
50FF000
stack
page read and write
280F000
stack
page read and write
1D394000
heap
page read and write
B84000
heap
page read and write
1F1000
unkown
page execute and write copy
B50000
direct allocation
page read and write
47AE000
stack
page read and write
299F000
stack
page read and write
116E000
heap
page read and write
AA4000
heap
page read and write
2FCE000
stack
page read and write
1D3B7000
heap
page read and write
6380000
heap
page read and write
35EE000
stack
page read and write
609F000
stack
page read and write
29DE000
stack
page read and write
1D397000
heap
page read and write
4B80000
direct allocation
page execute and read and write
30EE000
stack
page read and write
B50000
direct allocation
page read and write
48B1000
heap
page read and write
B8E000
stack
page read and write
311E000
stack
page read and write
1158000
heap
page read and write
1021000
unkown
page execute and read and write
4851000
heap
page read and write
89A000
heap
page read and write
322E000
stack
page read and write
A90000
direct allocation
page read and write
5E4000
heap
page read and write
552D000
stack
page read and write
A2E000
stack
page read and write
43EE000
stack
page read and write
30C000
stack
page read and write