IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\eDPQZkT[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1009006001\eDPQZkT.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\1009009001\ead1a5c329.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsCAEHDBAAEC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BAAFCAFCBKFHJJJKKFHIDAAKFB
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\BGDHDAFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\DHIDHIEGIIIECAKEBFBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\EHDGIJJDGCBKFIDHIEBK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\HJJJDAEG
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\IJEHIDHDAKJDHJKEBFIEHCAAEH
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KJKJKFCBKKJDGDHIDBGI
ASCII text, with very long lines (1765), with CRLF line terminators
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\16167446-e5d8-45fc-93d1-7eaafec8a498.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9310ebb8-78a9-45be-afe5-69023b4baf4d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\4e6594af-d094-4fb5-89ef-a15d353bbb21.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67445AB3-1AA0.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67445AB3-1FFC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\03125f9c-66bc-47b3-814c-ebb5c574529c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\05140d9d-6b45-47ad-b4ae-5e80d1eb3237.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2b0bb2ca-6d4e-4a2a-be2c-dadf3ad1c7af.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\424370ef-f6c3-4d23-b52b-62798975e487.tmp
Unicode text, UTF-8 text, with very long lines (17113), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\75a6471a-367b-41bd-bd17-1e4ccc6b0ddd.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\997d4206-4884-451c-88d8-40e5b0fef172.tmp
Unicode text, UTF-8 text, with very long lines (17278), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9bc954b9-bf98-4e60-90f6-ba2750184231.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0b25ec37-c822-4711-a714-f68ef52af6a5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6009456f-0656-4886-bda0-bc50a1b52559.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\665fb394-8c73-4ee6-b221-735f1c376760.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6a854b32-01e2-4583-8db8-2999f2ad48ba.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6aeb00b7-1fab-414e-ab66-458ed8f652df.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9deeb5b4-2706-4c4a-b766-009942d4d3ec.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3bdf2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2adab.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2c3d3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2ed44.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF315fa.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34dd3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3abe1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2eae3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3348e.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377006518716523
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\0bfb7416-9eac-4bbc-a849-d022f0ec406a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2d4b9ee9-d7e2-4bf9-b5db-4a8ed977608d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\87eae9e8-9964-428a-b573-6dd93d73632f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2c3e2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f82ed97e-51a3-4b02-b487-ca1ca4e39511.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a95765f2-3eb3-41ac-a86e-204346c324bb.tmp
Unicode text, UTF-8 text, with very long lines (17277), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b1786c60-e3cb-4fe3-be1e-343974803f98.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f3c00cf3-47e8-48b9-980b-b3f3c1e976db.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29919.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29929.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29a90.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2c191.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30744.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3abd1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4077e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d04d8897-4eb3-4c67-b1ea-0d21be6146e8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d8f67f46-3047-44f7-8334-b8387592fc7e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dc664b70-bedc-4d0e-a23f-9ac07077751c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ec1e68b0-a6de-4d72-83dd-b8c31d58dede.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ee26a2cb-dcd8-4f9e-939a-684ef4a22859.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ffefead9-020a-45e7-81c5-ff24fc5495b7.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\31893d51-4dd2-4fd1-8289-fee1c3230a46.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\35f9696c-706c-406e-bf4a-0a8a40e63aa1.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\5628bbe9-ef7f-482b-9b56-c1fabc725759.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\6c4b4029-8e55-4937-ab0e-ce964aaaaf02.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\840f6936-b03c-42da-a197-e662187c7d07.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\f579fa17-e028-447d-be1e-657442534647.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ffda4c77-2e07-4c2f-bb9d-b075c9653b5f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_1153577029\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_1153577029\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_1153577029\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_1153577029\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_1153577029\ffda4c77-2e07-4c2f-bb9d-b075c9653b5f.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\5628bbe9-ef7f-482b-9b56-c1fabc725759.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8188_842167385\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 475
ASCII text, with very long lines (3516)
downloaded
Chrome Cache Entry: 476
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 477
ASCII text
downloaded
Chrome Cache Entry: 478
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 479
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 480
SVG Scalable Vector Graphics image
downloaded
There are 290 hidden files.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2072,i,6352660947356166951,12031086605631171018,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2284,i,12587034906761633398,4416084436642061147,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1992,i,16538886290713624235,1857347339083574293,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6256 --field-trial-handle=1992,i,16538886290713624235,1857347339083574293,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6436 --field-trial-handle=1992,i,16538886290713624235,1857347339083574293,262144 /prefetch:8
malicious
C:\Users\user\DocumentsCAEHDBAAEC.exe
"C:\Users\user\DocumentsCAEHDBAAEC.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5988 --field-trial-handle=1992,i,16538886290713624235,1857347339083574293,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Users\user\AppData\Local\Temp\1009006001\eDPQZkT.exe
"C:\Users\user\AppData\Local\Temp\1009006001\eDPQZkT.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsCAEHDBAAEC.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 7 hidden processes.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://sb.scorecardresearch.com/b2?rn=1732532933075&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0A576580DC7A6D0124D170C2DDEE6CAA&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.173.219.111
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll$
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
http://31.41.244.11/files/randoV
unknown
https://c.msn.com/c.gif?rnd=1732532933075&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=354610ce91cb4454a7edd3a26242369f&activityId=354610ce91cb4454a7edd3a26242369f&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.110.205.119
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll8
unknown
https://sb.scorecardresearch.com/
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732532939876&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://frogs-severz.sbs//
unknown
https://drive.google.com/
unknown
https://frogs-severz.sbs/0
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
http://31.41.244.11/files/1724962075/eDPQZkT.exeA)
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
http://31.41.244.11/files/random.exe5062384760ac02b4ded8abeee1fb9a28c01515e801b41b110350bcecd522b999
unknown
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
172.217.21.36
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://31.41.244.11/files/random.exe)C:
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
http://31.41.244.11/files/random.exe09009001
unknown
https://drive-daily-2.corp.google.com/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
http://31.41.244.11/files/random.exe5e801b41b110350bcecd522b9999a5536e6#E
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://drive-daily-5.corp.google.com/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
http://crl.micro
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
23.209.72.33
https://www.msn.com/web-notification-icon-light.png
unknown
https://chromewebstore.google.com/
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllz
unknown
http://31.41.244.11/files/1724962075/eDPQZkT.exe%)
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
http://185.215.113.206/c4becf79229cb002.php_
unknown
http://185.215.113.43/Zu7JuNko/index.phpW
unknown
http://31.41.244.11/files/random.exe50Dat
unknown
https://m.kugou.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732532939939&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
http://185.215.113.206/c4becf79229cb002.phpd
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732532933073&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
20.189.173.24
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
https://ntp.msn.com/edge/ntp
unknown
http://185.215.113.206/c4becf79229cb002.phpk
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
There are 90 hidden URLs.

Domains

Name
IP
Malicious
mira-tmc.tm-4.office.com
52.123.243.184
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
172.217.17.78
frogs-severz.sbs
104.21.88.250
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.110
www.google.com
172.217.21.36
s-part-0035.t-0009.t-msedge.net
13.107.246.63
b-0005.b-dc-msedge.net
13.107.9.158
googlehosted.l.googleusercontent.com
172.217.19.225
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
property-imper.sbs
unknown
deff.nelreports.net
unknown
ntp.msn.com
unknown
apis.google.com
unknown
There are 7 hidden domains.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.8
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
13.107.246.40
unknown
United States
152.195.19.97
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
23.209.72.33
unknown
United States
23.44.201.23
unknown
United States
204.79.197.239
unknown
United States
172.217.21.36
www.google.com
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
104.40.82.182
unknown
United States
172.64.41.3
unknown
United States
52.123.243.184
mira-tmc.tm-4.office.com
United States
13.107.9.158
b-0005.b-dc-msedge.net
United States
204.79.197.237
unknown
United States
23.44.201.21
unknown
United States
31.41.244.11
unknown
Russian Federation
172.217.17.78
plus.l.google.com
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
18.173.219.111
unknown
United States
20.189.173.24
unknown
United States
104.21.88.250
frogs-severz.sbs
United States
239.255.255.250
unknown
Reserved
23.44.201.7
unknown
United States
23.44.201.5
unknown
United States
104.117.182.56
unknown
United States
20.75.60.91
unknown
United States
127.0.0.1
unknown
unknown
204.79.197.203
unknown
United States
There are 24 hidden IPs.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197716
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197716
WindowTabManagerFileMappingId

Memdumps

Base Address
Regiontype
Protect
Malicious
B55000
heap
page read and write
2D5F000
stack
page read and write
61ED4000
direct allocation
page readonly
12C0000
unkown
page execute and read and write
DA0000
direct allocation
page read and write
4990000
heap
page read and write
4E1C000
stack
page read and write
874000
heap
page read and write
875000
heap
page read and write
5A4000
heap
page read and write
4551000
heap
page read and write
4551000
heap
page read and write
317F000
stack
page read and write
41CE000
stack
page read and write
2FAF000
stack
page read and write
AA0000
heap
page read and write
5A4000
heap
page read and write
554B000
trusted library allocation
page read and write
235F0000
heap
page read and write
4951000
heap
page read and write
1D44C000
heap
page read and write
1D43B000
heap
page read and write
2EDE000
stack
page read and write
1D430000
heap
page read and write
4EE0000
direct allocation
page execute and read and write
3F8E000
stack
page read and write
759000
heap
page read and write
5548000
trusted library allocation
page read and write
4551000
heap
page read and write
5A4000
heap
page read and write
874000
heap
page read and write
3C9E000
stack
page read and write
1D446000
heap
page read and write
109000
unkown
page execute and read and write
70A000
heap
page read and write
1D458000
heap
page read and write
23614000
heap
page read and write
2C5E000
stack
page read and write
7330000
heap
page read and write
4C80000
direct allocation
page execute and read and write
4551000
heap
page read and write
874000
heap
page read and write
4951000
heap
page read and write
4F00000
direct allocation
page execute and read and write
8B0000
direct allocation
page read and write
874000
heap
page read and write
874000
heap
page read and write
6CA41000
unkown
page execute read
3B2000
unkown
page execute and read and write
874000
heap
page read and write
27D0000
heap
page read and write
9BE000
heap
page read and write
4951000
heap
page read and write
3B7F000
stack
page read and write
4951000
heap
page read and write
A95000
unkown
page execute and read and write
4EB0000
direct allocation
page execute and read and write
4951000
heap
page read and write
465F000
stack
page read and write
874000
heap
page read and write
1D42D000
heap
page read and write
AC1000
heap
page read and write
4551000
heap
page read and write
48AF000
stack
page read and write
2BE0000
direct allocation
page read and write
FAE000
stack
page read and write
B10000
heap
page read and write
F00000
heap
page read and write
521F000
stack
page read and write
4551000
heap
page read and write
340E000
stack
page read and write
874000
heap
page read and write
1D402000
heap
page read and write
B04000
heap
page read and write
874000
heap
page read and write
4BC000
unkown
page execute and read and write
3F1E000
stack
page read and write
5A4000
heap
page read and write
4551000
heap
page read and write
48B0000
heap
page read and write
61E01000
direct allocation
page execute read
B08000
heap
page read and write
45A1000
heap
page read and write
874000
heap
page read and write
874000
heap
page read and write
4951000
heap
page read and write
48C0000
direct allocation
page read and write
2F4E000
stack
page read and write
23616000
heap
page read and write
5A4000
heap
page read and write
44EF000
stack
page read and write
4951000
heap
page read and write
CAE000
stack
page read and write
4D9E000
stack
page read and write
3DAE000
stack
page read and write
1CE6F000
stack
page read and write
48D1000
heap
page read and write
5543000
trusted library allocation
page read and write
EBE000
stack
page read and write
61EB4000
direct allocation
page read and write
61FF000
stack
page read and write
5588000
trusted library allocation
page read and write
2C5E000
stack
page read and write
4951000
heap
page read and write
4D90000
trusted library allocation
page read and write
FD4000
heap
page read and write
874000
heap
page read and write
328F000
stack
page read and write
238FD000
heap
page read and write
45A1000
heap
page read and write
4951000
heap
page read and write
29CE000
stack
page read and write
127E000
stack
page read and write
2A10000
heap
page read and write
4951000
heap
page read and write
5A4000
heap
page read and write
48C0000
direct allocation
page read and write
1D43B000
heap
page read and write
6CAE1000
unkown
page execute read
4DD0000
direct allocation
page read and write
CF6000
heap
page read and write
4951000
heap
page read and write
4951000
heap
page read and write
380E000
stack
page read and write
CFE000
stack
page read and write
5584000
trusted library allocation
page read and write
5569000
trusted library allocation
page read and write
27E0000
direct allocation
page read and write
4B40000
direct allocation
page execute and read and write
4E30000
direct allocation
page execute and read and write
27E0000
direct allocation
page read and write
33DE000
stack
page read and write
27FD000
heap
page read and write
4551000
heap
page read and write
5516000
trusted library allocation
page read and write
113E000
stack
page read and write
101B000
unkown
page execute and read and write
390E000
stack
page read and write
4671000
heap
page read and write
2A551000
heap
page read and write
2BE0000
direct allocation
page read and write
470E000
stack
page read and write
874000
heap
page read and write
2B8F000
stack
page read and write
2BE0000
direct allocation
page read and write
1471000
unkown
page execute and write copy
39C000
unkown
page execute and read and write
5A4000
heap
page read and write
1D431000
heap
page read and write
DA0000
direct allocation
page read and write
45A1000
heap
page read and write
4A0C000
stack
page read and write
1D39C000
stack
page read and write
4951000
heap
page read and write
2BE0000
direct allocation
page read and write
7F0000
heap
page read and write
1D427000
heap
page read and write
4951000
heap
page read and write
1D41F000
heap
page read and write
A96000
unkown
page execute and write copy
5A4000
heap
page read and write
4DD0000
direct allocation
page read and write
1D41B000
heap
page read and write
4B50000
direct allocation
page execute and read and write
874000
heap
page read and write
DA0000
direct allocation
page read and write
8A0000
heap
page read and write
F5000
unkown
page execute and read and write
B0000
unkown
page readonly
5A4000
heap
page read and write
315E000
stack
page read and write
B10000
heap
page read and write
4551000
heap
page read and write
430F000
stack
page read and write
9D0000
heap
page read and write
FD9000
heap
page read and write
4551000
heap
page read and write
874000
heap
page read and write
59D000
stack
page read and write
1D445000
heap
page read and write
4951000
heap
page read and write
47AE000
stack
page read and write
1471000
unkown
page execute and write copy
8ACC000
stack
page read and write
F20000
heap
page read and write
4551000
heap
page read and write
365E000
stack
page read and write
DE0000
direct allocation
page read and write
4951000
heap
page read and write
539D000
stack
page read and write
FB0000
unkown
page read and write
441E000
stack
page read and write
45A1000
heap
page read and write
12C0000
unkown
page execute and read and write
4951000
heap
page read and write
56B6000
trusted library allocation
page read and write
B04000
heap
page read and write
874000
heap
page read and write
874000
heap
page read and write
874000
heap
page read and write
883E000
stack
page read and write
AF1000
heap
page read and write
4551000
heap
page read and write
4A7C000
stack
page read and write
874000
heap
page read and write
101B000
unkown
page execute and read and write
5A4000
heap
page read and write
29FF000
stack
page read and write
3A0F000
stack
page read and write
5A4000
heap
page read and write
5549000
trusted library allocation
page read and write
875000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
DA0000
direct allocation
page read and write
1D453000
heap
page read and write
874000
heap
page read and write
4551000
heap
page read and write
4551000
heap
page read and write
B04000
heap
page read and write
4F70000
direct allocation
page execute and read and write
FB1000
unkown
page execute and write copy
6C0000
heap
page read and write
389F000
stack
page read and write
874000
heap
page read and write
DA0000
direct allocation
page read and write
874000
heap
page read and write
874000
heap
page read and write
1D417000
heap
page read and write
ADB000
heap
page read and write
45A0000
heap
page read and write
1D431000
heap
page read and write
3F3F000
stack
page read and write
874000
heap
page read and write
874000
heap
page read and write
874000
heap
page read and write
298F000
stack
page read and write
5A4000
heap
page read and write
4C50000
direct allocation
page execute and read and write
43AF000
stack
page read and write
874000
heap
page read and write
4E9F000
stack
page read and write
3DFF000
stack
page read and write
4951000
heap
page read and write
FB0000
unkown
page read and write
8C0000
heap
page read and write
4951000
heap
page read and write
402E000
stack
page read and write
DE0000
direct allocation
page read and write
FB1000
unkown
page execute and write copy
6CABD000
unkown
page readonly
3A4F000
stack
page read and write
4B7F000
stack
page read and write
2D9E000
stack
page read and write
36CE000
stack
page read and write
3E0E000
stack
page read and write
1012000
unkown
page execute and read and write
AF1000
heap
page read and write
552000
unkown
page execute and read and write
45A1000
heap
page read and write
340F000
stack
page read and write
1D430000
heap
page read and write
1D43E000
heap
page read and write
6CACE000
unkown
page read and write
4551000
heap
page read and write
373000
unkown
page execute and read and write
2C7F000
stack
page read and write
97E000
stack
page read and write
2C67000
heap
page read and write
2362E000
heap
page read and write
508F000
stack
page read and write
B00000
heap
page read and write
405E000
stack
page read and write
48C0000
direct allocation
page read and write
4951000
heap
page read and write
874000
heap
page read and write
1471000
unkown
page execute and write copy
9BA000
heap
page read and write
1D44C000
heap
page read and write
4970000
heap
page read and write
48C0000
direct allocation
page read and write
874000
heap
page read and write
2C00000
heap
page read and write
351E000
stack
page read and write
4E9E000
stack
page read and write
4F9E000
stack
page read and write
A9F000
heap
page read and write
4951000
heap
page read and write
4D90000
direct allocation
page execute and read and write
DA0000
direct allocation
page read and write
DE0000
direct allocation
page read and write
557E000
trusted library allocation
page read and write
1471000
unkown
page execute and write copy
386F000
stack
page read and write
2FDF000
stack
page read and write
34DF000
stack
page read and write
452E000
stack
page read and write
6CB000
heap
page read and write
4C3F000
stack
page read and write
AF2000
heap
page read and write
DA0000
direct allocation
page read and write
4550000
heap
page read and write
4951000
heap
page read and write
48C0000
direct allocation
page read and write
61ECC000
direct allocation
page read and write
441E000
stack
page read and write
4C80000
direct allocation
page execute and read and write
1D445000
heap
page read and write
3DDE000
stack
page read and write
12CF000
unkown
page execute and write copy
1012000
unkown
page execute and read and write
27E0000
direct allocation
page read and write
4951000
heap
page read and write
2DBF000
stack
page read and write
465F000
stack
page read and write
40CE000
stack
page read and write
48C0000
direct allocation
page read and write
10CC000
unkown
page execute and read and write
4951000
heap
page read and write
390F000
stack
page read and write
4951000
heap
page read and write
559A000
trusted library allocation
page read and write
4DD0000
direct allocation
page read and write
3A3F000
stack
page read and write
710000
heap
page read and write
429F000
stack
page read and write
874000
heap
page read and write
4B60000
direct allocation
page execute and read and write
874000
heap
page read and write
3CFE000
stack
page read and write
4551000
heap
page read and write
4951000
heap
page read and write
5539000
trusted library allocation
page read and write
874000
heap
page read and write
5521000
trusted library allocation
page read and write
484E000
stack
page read and write
874000
heap
page read and write
4F10000
direct allocation
page execute and read and write
874000
heap
page read and write
4EE0000
direct allocation
page execute and read and write
4960000
heap
page read and write
1D40B000
heap
page read and write
4551000
heap
page read and write
5A4000
heap
page read and write
38DE000
stack
page read and write
2EDE000
stack
page read and write
4EF0000
direct allocation
page execute and read and write
DA0000
direct allocation
page read and write
8B0000
direct allocation
page read and write
874000
heap
page read and write
4551000
heap
page read and write
1D400000
heap
page read and write
1D417000
heap
page read and write
36BE000
stack
page read and write
146E000
unkown
page execute and read and write
12C0000
unkown
page execute and read and write
4B80000
direct allocation
page execute and read and write
1D427000
heap
page read and write
8BCC000
stack
page read and write
42CF000
stack
page read and write
4580000
heap
page read and write
1D430000
heap
page read and write
4951000
heap
page read and write
4950000
heap
page read and write
5A4000
heap
page read and write
A1E000
stack
page read and write
E59000
unkown
page write copy
318F000
stack
page read and write
2F0E000
stack
page read and write
42FF000
stack
page read and write
557000
unkown
page execute and read and write
4EE0000
direct allocation
page execute and read and write
4A30000
direct allocation
page read and write
8B0000
direct allocation
page read and write
393E000
stack
page read and write
466E000
stack
page read and write
7F0000
heap
page read and write
870000
heap
page read and write
1CFAE000
stack
page read and write
474000
unkown
page execute and read and write
11B2000
unkown
page execute and read and write
8EF000
unkown
page execute and read and write
4E00000
direct allocation
page execute and read and write
1D43E000
heap
page read and write
4D5F000
stack
page read and write
494F000
stack
page read and write
874000
heap
page read and write
1D41F000
heap
page read and write
4551000
heap
page read and write
559A000
trusted library allocation
page read and write
AEF000
heap
page read and write
451F000
stack
page read and write
4BC0000
direct allocation
page execute and read and write
6400000
heap
page read and write
4551000
heap
page read and write
1D445000
heap
page read and write
8B0000
direct allocation
page read and write
123E000
stack
page read and write
1D446000
heap
page read and write
AE3000
heap
page read and write
4551000
heap
page read and write
874000
heap
page read and write
4E06000
direct allocation
page read and write
4AB0000
trusted library allocation
page read and write
1D416000
heap
page read and write
B00000
heap
page read and write
27E0000
direct allocation
page read and write
4951000
heap
page read and write
9B0000
heap
page read and write
B04000
heap
page read and write
874000
heap
page read and write
2E9F000
stack
page read and write
420E000
stack
page read and write
4F4F000
stack
page read and write
4551000
heap
page read and write
2BE0000
direct allocation
page read and write
4DF0000
direct allocation
page execute and read and write
3E0F000
stack
page read and write
DE0000
direct allocation
page read and write
45A1000
heap
page read and write
45A1000
heap
page read and write
B04000
heap
page read and write
E59000
unkown
page write copy
874000
heap
page read and write
1D42B000
heap
page read and write
426F000
stack
page read and write
325F000
stack
page read and write
1D427000
heap
page read and write
3EDF000
stack
page read and write
3B5E000
stack
page read and write
1D01E000
stack
page read and write
4B30000
direct allocation
page execute and read and write
3B8E000
stack
page read and write
DE0000
direct allocation
page read and write
4551000
heap
page read and write
48C0000
direct allocation
page read and write
5A4000
heap
page read and write
1D11F000
stack
page read and write
1D44C000
heap
page read and write
3BBE000
stack
page read and write
D5C000
heap
page read and write
3E4E000
stack
page read and write
3B2000
unkown
page execute and write copy
549C000
stack
page read and write
AEE000
stack
page read and write
4C5E000
stack
page read and write
1CD2F000
stack
page read and write
5567000
trusted library allocation
page read and write
110F000
unkown
page execute and write copy
314F000
stack
page read and write
315E000
stack
page read and write
1D430000
heap
page read and write
874000
heap
page read and write
5A4000
heap
page read and write
8B0000
direct allocation
page read and write
874000
heap
page read and write
4560000
heap
page read and write
8B0000
direct allocation
page read and write
874000
heap
page read and write
1D425000
heap
page read and write
4B61000
direct allocation
page read and write
4551000
heap
page read and write
1D427000
heap
page read and write
F80000
heap
page read and write
4D90000
direct allocation
page execute and read and write
2BE0000
direct allocation
page read and write
4551000
heap
page read and write
45A1000
heap
page read and write
407F000
stack
page read and write
1D417000
heap
page read and write
B04000
heap
page read and write
5521000
trusted library allocation
page read and write
3A8E000
stack
page read and write
1D41F000
heap
page read and write
1D41F000
heap
page read and write
7330000
heap
page read and write
F2A000
heap
page read and write
4551000
heap
page read and write
34AF000
stack
page read and write
874000
heap
page read and write
12CE000
unkown
page execute and write copy
4C81000
direct allocation
page read and write
A66000
heap
page read and write
128C000
unkown
page execute and read and write
4551000
heap
page read and write
FA0000
direct allocation
page read and write
3A3000
unkown
page execute and read and write
368F000
stack
page read and write
874000
heap
page read and write
4FDE000
stack
page read and write
4A30000
direct allocation
page read and write
3F1000
unkown
page execute and write copy
4F60000
direct allocation
page execute and read and write
874000
heap
page read and write
367F000
stack
page read and write
4F40000
direct allocation
page execute and read and write
362E000
stack
page read and write
1D447000
heap
page read and write
6990000
trusted library allocation
page read and write
4551000
heap
page read and write
F90000
direct allocation
page read and write
419E000
stack
page read and write
368E000
stack
page read and write
3AEF000
stack
page read and write
12B8000
unkown
page execute and read and write
5A4000
heap
page read and write
5521000
trusted library allocation
page read and write
2EAE000
stack
page read and write
4551000
heap
page read and write
389F000
stack
page read and write
45C000
stack
page read and write
1D431000
heap
page read and write
4951000
heap
page read and write
4BB0000
direct allocation
page execute and read and write
4951000
heap
page read and write
4951000
heap
page read and write
D5E000
stack
page read and write
419E000
stack
page read and write
5534000
trusted library allocation
page read and write
339F000
stack
page read and write
874000
heap
page read and write
427000
unkown
page execute and read and write
5A4000
heap
page read and write
1D418000
heap
page read and write
1D430000
heap
page read and write
32BF000
stack
page read and write
874000
heap
page read and write
E52000
unkown
page execute and read and write
47A0000
heap
page read and write
5F5E000
stack
page read and write
9BD000
stack
page read and write
301E000
stack
page read and write
DA0000
direct allocation
page read and write
1025000
heap
page read and write
52A0000
heap
page read and write
4951000
heap
page read and write
4951000
heap
page read and write
1019000
unkown
page write copy
307E000
stack
page read and write
4F80000
direct allocation
page execute and read and write
110E000
unkown
page execute and read and write
535E000
stack
page read and write
46A0000
trusted library allocation
page read and write
DB7000
heap
page read and write
2C60000
heap
page read and write
732E000
heap
page read and write
5A4000
heap
page read and write
4551000
heap
page read and write
DA0000
direct allocation
page read and write
874000
heap
page read and write
2373E000
stack
page read and write
6FA000
stack
page read and write
D90000
heap
page read and write
137E000
stack
page read and write
12CE000
unkown
page execute and read and write
46CF000
stack
page read and write
875000
heap
page read and write
354F000
stack
page read and write
1D43E000
heap
page read and write
B04000
heap
page read and write
455E000
stack
page read and write
F90000
direct allocation
page read and write
4951000
heap
page read and write
448E000
stack
page read and write
4551000
heap
page read and write
6CC7F000
unkown
page readonly
415F000
stack
page read and write
47A1000
heap
page read and write
874000
heap
page read and write
4551000
heap
page read and write
4551000
heap
page read and write
318E000
stack
page read and write
AC1000
heap
page read and write
1D445000
heap
page read and write
47A1000
heap
page read and write
1D43E000
heap
page read and write
298F000
stack
page read and write
B04000
heap
page read and write
4B00000
direct allocation
page read and write
1D520000
trusted library allocation
page read and write
11B2000
unkown
page execute and read and write
DF0000
unkown
page readonly
4DC1000
direct allocation
page read and write
1D42D000
heap
page read and write
31BE000
stack
page read and write
1D41E000
heap
page read and write
874000
heap
page read and write
23669000
heap
page read and write
5A4000
heap
page read and write
B08000
heap
page read and write
3C9E000
stack
page read and write
27E0000
direct allocation
page read and write
451F000
stack
page read and write
440F000
stack
page read and write
3C5F000
stack
page read and write
4B30000
direct allocation
page execute and read and write
B09000
heap
page read and write
2BE0000
direct allocation
page read and write
8B0000
direct allocation
page read and write
32CE000
stack
page read and write
238ED000
heap
page read and write
D77000
heap
page read and write