IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1008938001\9f1158ad0a.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsIDHJEBGIEB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AAAAKJKJEBGHJKFHIDGC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\DBKKFCBAKKFBGCBFHJDG
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\DHIDHIEGIIIECAKEBFBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\GDHIIIIE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\HDBGHDHCGHCAAKEBKECBKFIIDA
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\IJECBGIJDGCAEBFIIECAKFHIJE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KEHCAFHI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3657ef61-23a0-4a27-a870-cd6ae2935267.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4561dd33-14f7-4a0a-aea0-8c90dd31eb1b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7da3f507-ac52-4f74-a72d-339c2076a82f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\b92762a4-5a83-46bc-9019-0ca2cb1f4758.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6744012C-1E8C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\025c97bd-d7c3-476b-965b-5ebe28746227.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1d59b81e-39ac-4b28-83b5-d7012790ffed.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\382b7f89-9a56-4827-b30a-ab94cac2929d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\567d7f09-eba0-4c58-8210-fa9aab88a449.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\61c7a361-28a8-4b2b-a388-9a286bff681c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6af1e54f-c074-402b-8282-0aa22b149f7f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\84c46078-5877-46ff-8acd-d19217cc270f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\278a6f0b-323e-400e-91f4-f01d25656987.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3dbe5cc1-fdfb-408a-b061-a3d19c29e3fd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\741e7551-bb67-4154-accf-3150541b5da4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\82e8a746-4089-4a5d-af46-ae5fce5fe77d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4cbd8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3b68f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ce9c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a7bb76e0-22c6-474e-847d-2f1e807bf773.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c648f0b4-f22b-4423-8188-85e3d68b5e8b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4080b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44591.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4bb6d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4080b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF43b11.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF440be.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376983598759831
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8f6048df-e7e6-48f0-98bf-1a8949683e72.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\959190c1-3229-4ea0-8730-eec7a20114b2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9e77beb3-6118-4cf8-9bd1-0cd8a1060643.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3ce9c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ae8cef0f-695b-4914-b48f-928a1bcb9b41.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ad8f7b9b-b222-44c3-884c-c57225b206f4.tmp
Unicode text, UTF-8 text, with very long lines (16790), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bdb3e836-9651-423d-bc61-10111741396b.tmp
Unicode text, UTF-8 text, with very long lines (17547), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e1341f50-885a-41cc-bdd9-f3f8d9119d46.tmp
Unicode text, UTF-8 text, with very long lines (17547), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a8c4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a8d4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3aa7a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3d17a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41c1f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4bb4d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF51c3a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a043e54e-d903-45bf-a888-4cfb1b7d7fe0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a7912b61-1160-4c89-a14e-0f11f830433a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b2e2060a-82bd-4af7-99e9-14c7d35ce0fe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d6e709f8-3566-4d81-aac7-d440e876c056.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e5685fbc-0949-4621-a32b-2696832fc613.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\05b8e4f3-c5ff-4864-b27d-ade409b7882d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\25977636-62be-46c7-948c-2dab25d6131f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\3224bb7f-546b-4fea-b851-a018f00eee3f.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\5fec5ebe-8d1d-43cc-ad18-0986d214c664.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\6ea345fd-ceed-442f-9eec-eb8451912eec.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\9a74795c-fffb-4019-910d-fa6abf6ffe37.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\f299f61c-c6e9-487c-afb2-1bee3a7187fa.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\05b8e4f3-c5ff-4864-b27d-ade409b7882d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_1689824082\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_604110570\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_604110570\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_604110570\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_604110570\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7820_604110570\f299f61c-c6e9-487c-afb2-1bee3a7187fa.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 537
ASCII text, with very long lines (822)
downloaded
Chrome Cache Entry: 538
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 539
ASCII text
downloaded
Chrome Cache Entry: 540
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 541
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 542
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2172,i,7858906980099681468,10361499139629388727,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2340,i,18394194686308781120,9106912296226367801,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2744 --field-trial-handle=2032,i,9866007363658274551,316886010182620687,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6452 --field-trial-handle=2032,i,9866007363658274551,316886010182620687,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6700 --field-trial-handle=2032,i,9866007363658274551,316886010182620687,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7096 --field-trial-handle=2032,i,9866007363658274551,316886010182620687,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7096 --field-trial-handle=2032,i,9866007363658274551,316886010182620687,262144 /prefetch:8
malicious
C:\Users\user\DocumentsIDHJEBGIEB.exe
"C:\Users\user\DocumentsIDHJEBGIEB.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6744 --field-trial-handle=2032,i,9866007363658274551,316886010182620687,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1008938001\9f1158ad0a.exe
"C:\Users\user\AppData\Local\Temp\1008938001\9f1158ad0a.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsIDHJEBGIEB.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://msn.comXIDv10X
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://sb.scorecardresearch.com/b?rn=1732510010756&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3C5B860E698662B2092E934C680C6309&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.164.116.39
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402415262_1QYE6F4QD8CN041QB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://185.215.113.206/c4becf79229cb002.phpURE=x86PROCESSOR_
unknown
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
https://www.youtube.com
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402414228_1EUMX2S6TUEXTBXLL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.68
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732510017705&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.13
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402415261_1RYOARG5S55IRLQU7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://185.215.113.206/c4becf79229cb002.phpGdO
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402456886_16PSERWAUMTCB5AWR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://www.ecosia.org/newtab/
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dllw
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239399109665_1344PV668L57B53FJ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://bzib.nelreports.net/api/report?cat=bingbusiness
23.200.0.9
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://chromewebstore.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
34.116.198.130
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
https://browser.events.data.msn.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402414375_1AVQBVS8V3X3ACPMA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732510010753&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.13
https://m.kugou.com/
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
http://185.215.113.206/c4becf79229cb002.phpzB
unknown
https://powerpoint.new?from=EdgeM365Shoreline
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://tse1.mm.bing.net/th?id=OADD2.10239402414229_1P4RDVHBQE93FAZFW&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://31.41.244.11/files/random.exe50623847d
unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
https://tidal.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://ntp.msn.com
unknown
https://browser.events.data.msn.cn/
unknown
http://185.215.113.206/c4becf79229cb002.phpy
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402415510_1LQQ8WSBAXW97X0WT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://gaana.com/
unknown
https://outlook.live.com/mail/compose?isExtension=true
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown

Domains

Name
IP
Malicious
fg.microsoft.map.fastly.net
199.232.214.172
chrome.cloudflare-dns.com
172.64.41.3
bg.microsoft.map.fastly.net
199.232.214.172
home.fvtekk5pn.top
34.116.198.130
plus.l.google.com
172.217.17.78
play.google.com
172.217.19.238
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.57
www.google.com
142.250.181.68
s-part-0035.t-0009.t-msedge.net
13.107.246.63
googlehosted.l.googleusercontent.com
172.217.19.225
ax-0001.ax-msedge.net
150.171.27.10
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.40
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
18.164.116.39
unknown
United States
2.16.158.96
unknown
European Union
23.200.0.9
unknown
United States
23.209.72.33
unknown
United States
20.110.205.119
unknown
United States
23.44.201.21
unknown
United States
172.217.17.78
plus.l.google.com
United States
23.44.133.31
unknown
United States
18.165.220.57
sb.scorecardresearch.com
United States
185.215.113.16
unknown
Portugal
239.255.255.250
unknown
Reserved
104.117.182.56
unknown
United States
127.0.0.1
unknown
unknown
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
192.168.2.16
unknown
unknown
20.189.173.13
unknown
United States
142.250.181.68
www.google.com
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
23.44.201.43
unknown
United States
31.41.244.11
unknown
Russian Federation
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
2.16.158.184
unknown
European Union
23.44.201.12
unknown
United States
23.101.168.44
unknown
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\984138
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\984138
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\984138
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\984138
WindowTabManagerFileMappingId
There are 145 hidden registries, click here to show them.

Memdumps

Base Address | Regiontype | Protect | Malicious
stack
page read and write
B74000
heap
page read and write
103C000
unkown
page execute and read and write
4C8F000
stack
page read and write
4CCE000
stack
page read and write
B74000
heap
page read and write
690C000
stack
page read and write
4691000
heap
page read and write
B74000
heap
page read and write
604000
heap
page read and write
C9E000
heap
page read and write
B74000
heap
page read and write
495F000
stack
page read and write
292F000
stack
page read and write
BDA000
heap
page read and write
4A00000
direct allocation
page execute and read and write
B74000
heap
page read and write
4C90000
direct allocation
page execute and read and write
90E000
stack
page read and write
630000
direct allocation
page read and write
49D8000
heap
page read and write
292F000
stack
page read and write
1D18C000
heap
page read and write
B74000
heap
page read and write
49D1000
heap
page read and write
AEE000
stack
page read and write
1D192000
heap
page read and write
3E6F000
stack
page read and write
4391000
heap
page read and write
9B000
unkown
page execute and read and write
B74000
heap
page read and write
4391000
heap
page read and write
231D0000
trusted library allocation
page read and write
4391000
heap
page read and write
1D167000
heap
page read and write
430E000
stack
page read and write
318E000
stack
page read and write
454F000
stack
page read and write
1D17E000
heap
page read and write
24E7000
heap
page read and write
B74000
heap
page read and write
310E000
stack
page read and write
4381000
heap
page read and write
B74000
heap
page read and write
1D189000
heap
page read and write
B74000
heap
page read and write
4390000
heap
page read and write
1D187000
heap
page read and write
372E000
stack
page read and write
436F000
stack
page read and write
25D0000
direct allocation
page read and write
438F000
stack
page read and write
54AE000
stack
page read and write
61EB7000
direct allocation
page readonly
604000
heap
page read and write
1D187000
heap
page read and write
98F000
heap
page read and write
436F000
stack
page read and write
2D50000
direct allocation
page read and write
4F5E000
stack
page read and write
6CBE5000
unkown
page readonly
B70000
heap
page read and write
650E000
stack
page read and write
604000
heap
page read and write
49A0000
direct allocation
page execute and read and write
30000
unkown
page read and write
1D260000
trusted library allocation
page read and write
2D3E000
stack
page read and write
AD0000
direct allocation
page read and write
3FEE000
stack
page read and write
43CE000
stack
page read and write
2F6F000
stack
page read and write
5E0000
heap
page read and write
1D187000
heap
page read and write
B74000
heap
page read and write
1D17E000
heap
page read and write
6C961000
unkown
page execute read
4391000
heap
page read and write
4DC000
unkown
page execute and read and write
C97000
heap
page read and write
1CE9D000
stack
page read and write
39CE000
stack
page read and write
3D3F000
stack
page read and write
49A0000
direct allocation
page execute and read and write
34AE000
stack
page read and write
4391000
heap
page read and write
4F0E000
stack
page read and write
AD0000
direct allocation
page read and write
296E000
stack
page read and write
4691000
heap
page read and write
25E0000
heap
page read and write
1CFDE000
stack
page read and write
488F000
stack
page read and write
2D2E000
stack
page read and write
3FEE000
stack
page read and write
CC5000
heap
page read and write
2AAE000
stack
page read and write
4391000
heap
page read and write
294F000
stack
page read and write
4990000
direct allocation
page execute and read and write
4990000
direct allocation
page execute and read and write
6280000
heap
page read and write
D7E000
stack
page read and write
AAE000
stack
page read and write
418F000
stack
page read and write
950000
heap
page read and write
2D50000
direct allocation
page read and write
1D156000
heap
page read and write
1D17E000
heap
page read and write
B75000
heap
page read and write
4820000
direct allocation
page read and write
B1E000
stack
page read and write
4691000
heap
page read and write
4391000
heap
page read and write
49E0000
direct allocation
page execute and read and write
4FC0000
direct allocation
page execute and read and write
49D1000
heap
page read and write
1D18A000
heap
page read and write
44CF000
stack
page read and write
AD0000
direct allocation
page read and write
4391000
heap
page read and write
30EE000
stack
page read and write
B74000
heap
page read and write
1D17E000
heap
page read and write
CC5000
heap
page read and write
4691000
heap
page read and write
B75000
heap
page read and write
630000
direct allocation
page read and write
396F000
stack
page read and write
B74000
heap
page read and write
23590000
trusted library allocation
page read and write
6C9DD000
unkown
page readonly
BBE000
stack
page read and write
2FAE000
stack
page read and write
35CF000
stack
page read and write
8C8C000
stack
page read and write
61ED0000
direct allocation
page read and write
57C000
stack
page read and write
B74000
heap
page read and write
B74000
heap
page read and write
1D17E000
heap
page read and write
1D163000
heap
page read and write
4391000
heap
page read and write
B75000
heap
page read and write
25E0000
direct allocation
page read and write
3AFE000
stack
page read and write
664E000
stack
page read and write
1D192000
heap
page read and write
630000
direct allocation
page read and write
1D18C000
heap
page read and write
5180000
heap
page read and write
B74000
heap
page read and write
25E0000
direct allocation
page read and write
4490000
trusted library allocation
page read and write
1D140000
heap
page read and write
1D17E000
heap
page read and write
B30000
unkown
page readonly
4691000
heap
page read and write
2D50000
direct allocation
page read and write
3BEF000
stack
page read and write
EFC000
unkown
page execute and write copy
B74000
heap
page read and write
1D18C000
heap
page read and write
4970000
direct allocation
page execute and read and write
4691000
heap
page read and write
49D9000
heap
page read and write
6750000
heap
page read and write
1D155000
heap
page read and write
630000
direct allocation
page read and write
1D171000
heap
page read and write
373E000
stack
page read and write
2D50000
direct allocation
page read and write
334F000
stack
page read and write
C71000
heap
page read and write
3C2E000
stack
page read and write
DD2000
unkown
page execute and read and write
354E000
stack
page read and write
B74000
heap
page read and write
142E000
stack
page read and write
49D0000
direct allocation
page execute and read and write
4980000
direct allocation
page execute and read and write
422F000
stack
page read and write
AD0000
direct allocation
page read and write
B74000
heap
page read and write
4391000
heap
page read and write
25D0000
direct allocation
page read and write
4EB1000
direct allocation
page read and write
3EAE000
stack
page read and write
26EF000
stack
page read and write
49F0000
direct allocation
page execute and read and write
B74000
heap
page read and write
53AD000
stack
page read and write
25E0000
direct allocation
page read and write
49D1000
heap
page read and write
4DE000
unkown
page execute and write copy
4691000
heap
page read and write
AD0000
direct allocation
page read and write
2ABE000
stack
page read and write
293F000
stack
page read and write
372E000
stack
page read and write
49D1000
heap
page read and write
25E0000
direct allocation
page read and write
B2E000
heap
page read and write
604000
heap
page read and write
2E2F000
stack
page read and write
5C0000
heap
page read and write
4A00000
direct allocation
page execute and read and write
4391000
heap
page read and write
B74000
heap
page read and write
49D9000
heap
page read and write
4FB0000
direct allocation
page execute and read and write
4A20000
direct allocation
page execute and read and write
B74000
heap
page read and write
1D171000
heap
page read and write
4480000
trusted library allocation
page read and write
C9E000
heap
page read and write
1D171000
heap
page read and write
B74000
heap
page read and write
427E000
stack
page read and write
4FF0000
direct allocation
page execute and read and write
495F000
stack
page read and write
314F000
stack
page read and write
B74000
heap
page read and write
4691000
heap
page read and write
4820000
direct allocation
page read and write
AD0000
direct allocation
page read and write
30FE000
stack
page read and write
B74000
heap
page read and write
3AEE000
stack
page read and write
27FF000
stack
page read and write
604000
heap
page read and write
AE5000
heap
page read and write
225000
unkown
page execute and read and write
9F0000
direct allocation
page read and write
579B000
stack
page read and write
AB5000
unkown
page execute and read and write
51AD000
stack
page read and write
25D0000
direct allocation
page read and write
32CE000
stack
page read and write
304E000
stack
page read and write
1D18C000
heap
page read and write
4B4C000
stack
page read and write
9B000
unkown
page execute and read and write
2E2F000
stack
page read and write
604000
heap
page read and write
2D50000
direct allocation
page read and write
D60000
heap
page read and write
49A0000
direct allocation
page execute and read and write
4A30000
direct allocation
page execute and read and write
2D50000
direct allocation
page read and write
B74000
heap
page read and write
979000
heap
page read and write
B74000
heap
page read and write
B74000
heap
page read and write
49D0000
heap
page read and write
1D183000
heap
page read and write
4A40000
direct allocation
page execute and read and write
52ED000
stack
page read and write
32C000
unkown
page execute and read and write
4691000
heap
page read and write
132F000
stack
page read and write
4381000
heap
page read and write
B74000
heap
page read and write
4691000
heap
page read and write
458E000
stack
page read and write
1D194000
heap
page read and write
4C80000
direct allocation
page execute and read and write
4391000
heap
page read and write
3C2E000
stack
page read and write
B74000
heap
page read and write
4391000
heap
page read and write
630000
direct allocation
page read and write
49D9000
heap
page read and write
342000
unkown
page execute and read and write
3E8F000
stack
page read and write
C6D000
heap
page read and write
49D1000
heap
page read and write
C4A000
unkown
page write copy
604000
heap
page read and write
AD0000
direct allocation
page read and write
25E0000
direct allocation
page read and write
1D17E000
heap
page read and write
1D171000
heap
page read and write
3E6F000
stack
page read and write
AD0000
direct allocation
page read and write
604000
heap
page read and write
5AE000
stack
page read and write
49D1000
heap
page read and write
B74000
heap
page read and write
530000
heap
page read and write
398F000
stack
page read and write
177A000
unkown
page execute and write copy
B74000
heap
page read and write
2F7F000
stack
page read and write
4691000
heap
page read and write
B30000
unkown
page readonly
B74000
heap
page read and write
4391000
heap
page read and write
B74000
heap
page read and write
4391000
heap
page read and write
9BA000
heap
page read and write
23231000
heap
page read and write
4A10000
direct allocation
page execute and read and write
B74000
heap
page read and write
4391000
heap
page read and write
3FFE000
stack
page read and write
5184000
heap
page read and write
297E000
stack
page read and write
1D18C000
heap
page read and write
620000
heap
page read and write
94E000
stack
page read and write
B74000
heap
page read and write
1CD4E000
stack
page read and write
2D50000
direct allocation
page read and write
B74000
heap
page read and write
322E000
stack
page read and write
B74000
heap
page read and write
B74000
heap
page read and write
930000
heap
page read and write
B74000
heap
page read and write
342000
unkown
page execute and write copy
24DE000
stack
page read and write
B74000
heap
page read and write
B74000
heap
page read and write
49D1000
heap
page read and write
B74000
heap
page read and write
323E000
stack
page read and write
727000
heap
page read and write
B74000
heap
page read and write
1074000
unkown
page execute and read and write
6FB000
stack
page read and write
1CD0F000
stack
page read and write
4391000
heap
page read and write
B31000
unkown
page execute and write copy
2358F000
stack
page read and write
B74000
heap
page read and write
1D166000
heap
page read and write
1D186000
heap
page read and write
197F000
stack
page read and write
2D70000
direct allocation
page read and write
4691000
heap
page read and write
25ED000
heap
page read and write
2D8F000
stack
page read and write
364F000
stack
page read and write
693000
heap
page read and write
342000
unkown
page execute and read and write
231D0000
trusted library allocation
page read and write
B20000
heap
page read and write
2FBE000
stack
page read and write
B74000
heap
page read and write
2D50000
direct allocation
page read and write
AD0000
direct allocation
page read and write
73C000
heap
page read and write
4391000
heap
page read and write
1D18C000
heap
page read and write
630000
direct allocation
page read and write
99000
unkown
page write copy
604000
heap
page read and write
AD0000
unkown
page execute and read and write
4391000
heap
page read and write
35FE000
stack
page read and write
444E000
stack
page read and write
404F000
stack
page read and write
99000
unkown
page write copy
26FF000
stack
page read and write
61ECD000
direct allocation
page readonly
4391000
heap
page read and write
4B8E000
stack
page read and write
49B0000
direct allocation
page execute and read and write
77BE000
heap
page read and write
B74000
heap
page read and write
2C4F000
stack
page read and write
387E000
stack
page read and write
3FAF000
stack
page read and write
25D0000
direct allocation
page read and write
630000
direct allocation
page read and write
3BEF000
stack
page read and write
B74000
heap
page read and write
25D0000
direct allocation
page read and write
36EF000
stack
page read and write
1D18C000
heap
page read and write
49A0000
direct allocation
page execute and read and write
B74000
heap
page read and write
EEC000
unkown
page execute and read and write
2E3F000
stack
page read and write
630000
direct allocation
page read and write
25EF000
stack
page read and write
1083000
unkown
page execute and write copy
B74000
heap
page read and write
4820000
direct allocation
page read and write
2FC000
unkown
page execute and read and write
32C000
unkown
page execute and read and write
B74000
heap
page read and write
D0E000
stack
page read and write
328F000
stack
page read and write
6A11000
heap
page read and write
604000
heap
page read and write
4391000
heap
page read and write
5C5000
heap
page read and write
A84000
unkown
page execute and read and write
4FA0000
direct allocation
page execute and read and write
25D0000
direct allocation
page read and write
338E000
stack
page read and write
422F000
stack
page read and write
3D2F000
stack
page read and write
3A0F000
stack
page read and write
464E000
stack
page read and write
61ED4000
direct allocation
page readonly
B74000
heap
page read and write
4691000
heap
page read and write
3FAF000
stack
page read and write
412E000
stack
page read and write
B74000
heap
page read and write
CA5000
heap
page read and write
2C8E000
stack
page read and write
4691000
heap
page read and write
25D0000
direct allocation
page read and write
35EE000
stack
page read and write
4970000
direct allocation
page execute and read and write
540000
heap
page read and write
4A00000
direct allocation
page execute and read and write
B75000
heap
page read and write
604000
heap
page read and write
B74000
heap
page read and write
8CCE000
stack
page read and write
6C2000
heap
page read and write
3ECE000
stack
page read and write
2362A000
heap
page read and write
1D18C000
heap
page read and write
C1F000
heap
page read and write
1D157000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
B74000
heap
page read and write
2D50000
direct allocation
page read and write
4691000
heap
page read and write
604000
heap
page read and write
CBF000
stack
page read and write
1CA8F000
stack
page read and write
4691000
heap
page read and write
4391000
heap
page read and write
49A0000
direct allocation
page execute and read and write
604000
heap
page read and write
1D18C000
heap
page read and write
2A2EC000
stack
page read and write
6C9F2000
unkown
page readonly
4691000
heap
page read and write
CC5000
heap
page read and write
604000
heap
page read and write
604000
heap
page read and write
368E000
stack
page read and write
4391000
heap
page read and write
3D8E000
stack
page read and write
604000
heap
page read and write
1D198000
heap
page read and write
121C000
unkown
page execute and read and write
1D179000
heap
page read and write
97A000
heap
page read and write
4C70000
direct allocation
page execute and read and write
423F000
stack
page read and write
428E000
stack
page read and write
4881000
direct allocation
page read and write
D71000
unkown
page execute and write copy
1D14E000
heap
page read and write
370F000
stack
page read and write
D5E000
stack
page read and write
4391000
heap
page read and write
35AF000
stack
page read and write
25E0000
direct allocation
page read and write
5040000
direct allocation
page execute and read and write
1D198000
heap
page read and write
4691000
heap
page read and write
343000
unkown
page execute and write copy
26EF000
stack
page read and write
49D9000
heap
page read and write
35AF000
stack
page read and write