IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsDBGIJEHIID.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AFHJJEHIEBKKFIDHDGHJ
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\BKFIJJEG
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\CGIDGCGIEGDGDGDGHJKKKJKECG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EBGDHJECFCFCAKFHCFID
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\FCAAAAFB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\IDAAKEHJDHJKEBFHJEGD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\IDHIEBAAKJDHIECAAFHCAECAFC
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2461e19e-54b0-4fa4-808d-3467bf6c4063.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\65da54d9-7f86-4b4d-9dd9-dccb368361f1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9c3d9301-5c69-49e1-9fef-29bb72a8a43b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\9f730c4b-b423-489c-9699-095f3ea834da.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6744B3B9-1F84.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\33489f3d-be99-49b9-b818-666623242108.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4f3100f0-dd32-448e-ace1-d45e8a099651.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\62f3a47b-edd8-4ee9-99cf-53e19891e6ba.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\74886a0f-977c-46dd-ab9d-ee7e85f39608.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9e8cde91-769a-4160-9050-540d6f803127.tmp
Unicode text, UTF-8 text, with very long lines (17103), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0dbacdee-1900-4f09-bb13-c36d12a3267d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\624f1f14-d910-4c11-8f39-b26d276ef684.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6c665975-4782-4f57-87b2-ceeeaa93ede2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF49e30.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3900c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3a672.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b0362305-850d-4925-93ef-66580b033c15.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b3f94d09-5032-4631-8f61-b0f786b1f873.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ed7c3956-ab80-4f92-a888-e70735984623.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3d7b4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ff9e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF430b1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF48ac7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3c7c6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF4173d.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377029307817533
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2592f1be-4665-43ba-82d6-d373343ea5c9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7f8ebbdc-d330-4ca5-af27-104c60f35051.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\95b72a2c-efd3-44f1-a62e-51409514a91d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3a672.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\bcc71b01-bb3e-4e6e-987e-9e6a6e90bb9a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aaa81e57-8a9d-4779-8a93-7828fe49f3f9.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ae60b1a6-d54e-404b-995c-f06881de6b9f.tmp
Unicode text, UTF-8 text, with very long lines (17453), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c0167cad-76ea-4379-98dd-ea1cfdfef666.tmp
Unicode text, UTF-8 text, with very long lines (17288), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c3b6abec-d92a-4ba1-9dbc-6998557b25b6.tmp
Unicode text, UTF-8 text, with very long lines (17453), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\db730c8d-eae9-4274-a5e9-512b66711dbf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3780f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3781f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF379d4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a0c5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3eace.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48aa8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4e82a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a7a4b366-87f3-4527-8c18-6808a6b7e350.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ceac8e79-720e-4474-b60a-dace1dc7957f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f3832d71-328e-4de6-ba19-b78a73fe7ec7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f7c65973-8a93-4abd-9b65-4a9c10b0386e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fe9dbd4a-8473-4525-8434-b228c24f058d.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\13a8fad1-b855-4ca2-a3ee-ccafb8d9779a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\14d62d30-3ab3-41d3-9523-93154228d015.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\5d326151-ac7b-4e08-885d-affe6edc98fa.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\8c85f3df-d23f-4142-a69e-31ac7e35d33c.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\e596b36d-9b0b-47ed-a282-14e9aaae0b9f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\edd194f2-820e-4972-85e8-c4edd0551f20.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\f1588c3f-c65c-4661-9ea0-51d6a717b9aa.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_1309210953\14d62d30-3ab3-41d3-9523-93154228d015.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_1309210953\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_1309210953\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_1309210953\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_1309210953\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\13a8fad1-b855-4ca2-a3ee-ccafb8d9779a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8068_660546537\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 16:28:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 16:28:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 16:28:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 16:28:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 16:28:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 463
ASCII text, with very long lines (7332)
downloaded
Chrome Cache Entry: 464
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 465
ASCII text
downloaded
Chrome Cache Entry: 466
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 467
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 468
SVG Scalable Vector Graphics image
downloaded
There are 285 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2388,i,17089066467111702127,3519208974984720801,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2224,i,13681611062045776192,15171286190731383131,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=2488,i,14213947528394681601,11574082288306542738,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6484 --field-trial-handle=2488,i,14213947528394681601,11574082288306542738,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6624 --field-trial-handle=2488,i,14213947528394681601,11574082288306542738,262144 /prefetch:8
malicious
C:\Users\user\DocumentsDBGIJEHIID.exe
"C:\Users\user\DocumentsDBGIJEHIID.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6740 --field-trial-handle=2488,i,14213947528394681601,11574082288306542738,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBGIJEHIID.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 6 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732555728972&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://31.41.244.11/files/random.exe09078001
unknown
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll8
unknown
https://sb.scorecardresearch.com/
unknown
http://31.41.244.11/files/random.exe1
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://31.41.244.11/
unknown
http://31.41.244.11/files/random.exeem32
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732555729006&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732555729989&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732555730556&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://c.msn.com/c.gif?rnd=1732555723259&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a424a4266fd6446fa9509a4e2b847ee6&activityId=a424a4266fd6446fa9509a4e2b847ee6&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=5A297632BA2E4052A243C3E0B8EBA7FF&MUID=1C9027A36A1F6A1B109A32E16B066B17
20.110.205.119
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.68
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732555729985&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
https://sb.scorecardresearch.com/b?rn=1732555723260&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1C9027A36A1F6A1B109A32E16B066B17&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.238.49.74
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
185.215.113.206/c4becf79229cb002.php
http://185.215.113.206lfons
unknown
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://drive-daily-5.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php6
unknown
http://31.41.244.11//Zu7JuNko/index.php
unknown
http://185.215.113.206/c4becf79229cb002.php9
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
http://31.41.244.11/215.113.43/Zu7JuNko/index.php
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
23.200.88.38
http://185.215.113.206/c4becf79229cb002.phpB
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
http://31.41.244.11/files/random.exe3b31
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
unknown
https://chromewebstore.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.phpJ
unknown
http://31.41.244.11/files/random.exephp
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
http://185.215.113.16/mine/random.exe/=
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://m.kugou.com/
unknown
http://185.215.113.206/c4becf79229cb002.phpd
unknown
http://31.41.244.11/files/random.exe50623oded
unknown
https://www.office.com
unknown
http://185.215.113.206/c4becf79229cb002.phpa
unknown
https://outlook.live.com/mail/0/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.181.110
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
3.160.188.18
www.google.com
142.250.181.68
s-part-0035.t-0009.t-msedge.net
13.107.246.63
googlehosted.l.googleusercontent.com
172.217.19.225
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
There are 2 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.5
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
23.44.133.41
unknown
United States
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
13.107.246.40
unknown
United States
4.152.199.46
unknown
United States
23.200.88.38
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
18.238.49.74
unknown
United States
162.159.61.3
unknown
United States
23.44.203.82
unknown
United States
23.44.203.80
unknown
United States
142.250.181.68
www.google.com
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
31.41.244.11
unknown
Russian Federation
13.107.21.237
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
185.215.113.16
unknown
Portugal
239.255.255.250
unknown
Reserved
23.44.203.90
unknown
United States
104.117.182.59
unknown
United States
20.96.153.111
unknown
United States
127.0.0.1
unknown
unknown
13.89.179.8
unknown
United States
There are 17 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197814
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197814
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197814
WindowTabManagerFileMappingId
There are 93 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
5180000
direct allocation
page read and write
 malicious
941000
unkown
page execute and read and write
 malicious
52E0000
direct allocation
page read and write
 malicious
A51000
unkown
page execute and read and write
 malicious
A51000
unkown
page execute and read and write
 malicious
A51000
unkown
page execute and read and write
 malicious
FAE000
heap
page read and write
 malicious
5220000
direct allocation
page read and write
 malicious
4CF0000
direct allocation
page read and write
 malicious
311000
unkown
page execute and read and write
 malicious
50F0000
direct allocation
page read and write
 malicious
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1463000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
52F0000
direct allocation
page execute and read and write
A50000
unkown
page readonly
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D45F000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
45BF000
stack
page read and write
1224000
heap
page read and write
5430000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D48D000
heap
page read and write
483F000
stack
page read and write
1224000
heap
page read and write
30EE000
stack
page read and write
1224000
heap
page read and write
163F000
stack
page read and write
4851000
heap
page read and write
492E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1600000
heap
page read and write
4D91000
heap
page read and write
4D91000
heap
page read and write
53F0000
direct allocation
page execute and read and write
1224000
heap
page read and write
310000
unkown
page readonly
1225000
heap
page read and write
1224000
heap
page read and write
1360000
direct allocation
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1463000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3050000
direct allocation
page read and write
1225000
heap
page read and write
1464000
heap
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
D38000
stack
page read and write
1D00F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1D490000
heap
page read and write
7CC000
unkown
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D482000
heap
page read and write
5260000
direct allocation
page execute and read and write
1464000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
2CBF000
stack
page read and write
1224000
heap
page read and write
1D467000
heap
page read and write
4D91000
heap
page read and write
61ECD000
direct allocation
page readonly
3187000
heap
page read and write
1D46F000
heap
page read and write
1464000
heap
page read and write
129E000
stack
page read and write
1225000
heap
page read and write
1464000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
51BE000
stack
page read and write
38EE000
stack
page read and write
4C61000
heap
page read and write
4D91000
heap
page read and write
43EF000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
470E000
stack
page read and write
1224000
heap
page read and write
35DF000
stack
page read and write
1D46B000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
A50000
unkown
page readonly
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
39DE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
13E0000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
52F0000
direct allocation
page execute and read and write
1224000
heap
page read and write
393F000
stack
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3050000
direct allocation
page read and write
522F000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
160A000
heap
page read and write
430F000
stack
page read and write
1224000
heap
page read and write
1D46B000
heap
page read and write
159B000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
D54000
unkown
page execute and read and write
1D48B000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1D46B000
heap
page read and write
339E000
stack
page read and write
1224000
heap
page read and write
4E2F000
stack
page read and write
4BCF000
stack
page read and write
144D000
heap
page read and write
4D91000
heap
page read and write
6C8F000
stack
page read and write
390F000
stack
page read and write
1224000
heap
page read and write
1D46F000
heap
page read and write
52D0000
direct allocation
page execute and read and write
2F3F000
stack
page read and write
1D485000
heap
page read and write
1224000
heap
page read and write
4CF1000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
13E3000
heap
page read and write
53A0000
direct allocation
page execute and read and write
15F6000
heap
page read and write
1225000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
7FC000
unkown
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1CC2F000
stack
page read and write
F6B000
heap
page read and write
23620000
trusted library allocation
page read and write
61ED3000
direct allocation
page read and write
45CE000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
173F000
stack
page read and write
4C6E000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D19D000
stack
page read and write
1D46C000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1460000
heap
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
D3E000
unkown
page execute and read and write
15DA000
heap
page read and write
3050000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4A2F000
stack
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
49EE000
stack
page read and write
EE8000
unkown
page execute and write copy
477000
unkown
page execute and read and write
1224000
heap
page read and write
61E00000
direct allocation
page execute and read and write
1D485000
heap
page read and write
475F000
stack
page read and write
5180000
direct allocation
page read and write
1224000
heap
page read and write
1027000
heap
page read and write
1224000
heap
page read and write
6646000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3E3F000
stack
page read and write
4D91000
heap
page read and write
1454000
heap
page read and write
143E000
stack
page read and write
C3C000
stack
page read and write
1464000
heap
page read and write
4D91000
heap
page read and write
D10000
unkown
page execute and read and write
1224000
heap
page read and write
1360000
direct allocation
page read and write
1D475000
heap
page read and write
15DE000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
6C73F000
unkown
page readonly
1225000
heap
page read and write
1D45D000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3C1F000
stack
page read and write
1224000
heap
page read and write
5220000
direct allocation
page read and write
5300000
direct allocation
page execute and read and write
236B9000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
52C0000
direct allocation
page execute and read and write
1590000
heap
page read and write
1225000
heap
page read and write
2BBB000
stack
page read and write
4854000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
307F000
stack
page read and write
1224000
heap
page read and write
1463000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D48A000
heap
page read and write
1224000
heap
page read and write
312E000
stack
page read and write
49DF000
stack
page read and write
53D0000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D2C000
stack
page read and write
1225000
heap
page read and write
36EF000
stack
page read and write
D3E000
stack
page read and write
53A0000
direct allocation
page execute and read and write
1224000
heap
page read and write
236F1000
heap
page read and write
5370000
direct allocation
page execute and read and write
1224000
heap
page read and write
473E000
stack
page read and write
1224000
heap
page read and write
40BF000
stack
page read and write
1224000
heap
page read and write
1360000
direct allocation
page read and write
7F3000
unkown
page execute and read and write
190E000
stack
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
4E60000
direct allocation
page execute and read and write
1464000
heap
page read and write
466F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
4B2E000
stack
page read and write
4A8F000
stack
page read and write
1D462000
heap
page read and write
46AE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1225000
heap
page read and write
590F000
stack
page read and write
1360000
direct allocation
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
311000
unkown
page execute and write copy
3BBF000
stack
page read and write
1224000
heap
page read and write
452F000
stack
page read and write
1224000
heap
page read and write
2FDF000
stack
page read and write
37CF000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5484000
heap
page read and write
1360000
direct allocation
page read and write
558E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
333E000
stack
page read and write
5470000
direct allocation
page execute and read and write
39AE000
stack
page read and write
1224000
heap
page read and write
1D46D000
heap
page read and write
145C000
heap
page read and write
1224000
heap
page read and write
4860000
heap
page read and write
4851000
heap
page read and write
5300000
direct allocation
page execute and read and write
531E000
stack
page read and write
348F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
580E000
stack
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
4851000
heap
page read and write
3FEE000
stack
page read and write
31AF000
stack
page read and write
1224000
heap
page read and write
1D446000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5280000
direct allocation
page execute and read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4E80000
direct allocation
page execute and read and write
4D91000
heap
page read and write
326F000
stack
page read and write
1224000
heap
page read and write
23720000
trusted library allocation
page read and write
1224000
heap
page read and write
AB2000
unkown
page execute and read and write
1224000
heap
page read and write
C39000
unkown
page execute and read and write
1224000
heap
page read and write
1225000
heap
page read and write
678E000
stack
page read and write
338F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
408F000
stack
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
4840000
direct allocation
page read and write
5341000
direct allocation
page read and write
C44000
unkown
page execute and read and write
1224000
heap
page read and write
AB9000
unkown
page write copy
399F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
1D467000
heap
page read and write
1224000
heap
page read and write
157E000
stack
page read and write
1224000
heap
page read and write
5340000
direct allocation
page execute and read and write
1360000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
D45000
unkown
page execute and read and write
1D485000
heap
page read and write
347E000
stack
page read and write
4D91000
heap
page read and write
416F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
236DF000
heap
page read and write
1D46D000
heap
page read and write
484E000
stack
page read and write
FA0000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
3E6F000
stack
page read and write
34EF000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
3E7E000
stack
page read and write
125C000
stack
page read and write
1224000
heap
page read and write
316E000
stack
page read and write
1224000
heap
page read and write
1D475000
heap
page read and write
1D463000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
44DF000
stack
page read and write
5350000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
A50000
unkown
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
180F000
stack
page read and write
55C000
unkown
page execute and read and write
8CF3000
heap
page read and write
411F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
9A9000
unkown
page execute and read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
EE8000
unkown
page execute and write copy
4A6E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3050000
direct allocation
page read and write
5370000
direct allocation
page execute and read and write
1224000
heap
page read and write
133E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
6640000
heap
page read and write
1224000
heap
page read and write
941000
unkown
page execute and write copy
13FB000
heap
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
3A4F000
stack
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
39EF000
stack
page read and write
1224000
heap
page read and write
554B000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
D3E000
unkown
page execute and read and write
1224000
heap
page read and write
4D91000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
144C000
heap
page read and write
5CEC000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
2357E000
heap
page read and write
142F000
heap
page read and write
A51000
unkown
page execute and write copy
4851000
heap
page read and write
4840000
direct allocation
page read and write
4D91000
heap
page read and write
44BE000
stack
page read and write
52BF000
stack
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
35AF000
stack
page read and write
4D91000
heap
page read and write
444F000
stack
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
A50000
unkown
page read and write
D54000
unkown
page execute and write copy
1224000
heap
page read and write
1360000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
6C77E000
unkown
page read and write
4851000
heap
page read and write
44AE000
stack
page read and write
15BE000
stack
page read and write
1224000
heap
page read and write
5500000
direct allocation
page execute and read and write
52D0000
direct allocation
page execute and read and write
3E9F000
stack
page read and write
3EEF000
stack
page read and write
D54000
unkown
page execute and write copy
5240000
direct allocation
page execute and read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
54F0000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
FED000
stack
page read and write
396F000
stack
page read and write
1224000
heap
page read and write
52E0000
direct allocation
page read and write
1D46A000
heap
page read and write
144C000
heap
page read and write
1D45B000
heap
page read and write
13D0000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1CDAE000
stack
page read and write
4851000
heap
page read and write
1D464000
heap
page read and write
1224000
heap
page read and write
4CF1000
heap
page read and write
6C780000
unkown
page read and write
1225000
heap
page read and write
6C5A0000
unkown
page readonly
44EE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
C39000
unkown
page execute and read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
C2E000
unkown
page execute and read and write
4E51000
heap
page read and write
3D0E000
stack
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
4D91000
heap
page read and write
1D45B000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
56CE000
stack
page read and write
1224000
heap
page read and write
412E000
stack
page read and write
4851000
heap
page read and write
462E000
stack
page read and write
1CC6E000
stack
page read and write
4851000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
AB9000
unkown
page write copy
4BAE000
stack
page read and write
37AE000
stack
page read and write
1224000
heap
page read and write
426E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
EE6000
unkown
page execute and read and write
4D91000
heap
page read and write
1360000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1360000
direct allocation
page read and write
1224000
heap
page read and write
2394C000
heap
page read and write
DA5000
heap
page read and write
1D452000
heap
page read and write
48AE000
stack
page read and write
1610000
heap
page read and write
6E1C000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
157E000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
458E000
stack
page read and write
306D000
heap
page read and write
AB2000
unkown
page execute and read and write
1224000
heap
page read and write
328F000
stack
page read and write
1224000
heap
page read and write
6F90000
trusted library allocation
page read and write
1224000
heap
page read and write
53B0000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
69CF000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
4CF1000
heap
page read and write
1224000
heap
page read and write
D55000
unkown
page execute and write copy
3170000
direct allocation
page read and write
30A0000
heap
page read and write
1224000
heap
page read and write
158E000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
4D90000
heap
page read and write
DD6000
unkown
page execute and read and write
3A7F000
stack
page read and write
1224000
heap
page read and write
5380000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
13EE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
461F000
stack
page read and write
1464000
heap
page read and write
1224000
heap
page read and write
1365000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
4E70000
direct allocation
page execute and read and write
375E000
stack
page read and write
1D482000
heap
page read and write
1225000
heap
page read and write
4CC0000
heap
page read and write
47AF000
stack
page read and write
4C2F000
stack
page read and write
402F000
stack
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
4840000
direct allocation
page read and write
5360000
direct allocation
page execute and read and write
3B1E000
stack
page read and write
4840000
direct allocation
page read and write
2FBB000
stack
page read and write
135D000
stack
page read and write
FAA000
heap
page read and write
F60000
heap
page read and write
4D91000
heap
page read and write
4851000
heap
page read and write
1D05D000
stack
page read and write
3050000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D451000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5380000
direct allocation
page execute and read and write
1D463000
heap
page read and write
1224000
heap
page read and write
5A5F000
stack
page read and write
F70000
heap
page read and write
1464000
heap
page read and write
36FE000
stack
page read and write
4CE0000
direct allocation
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
F7C000
stack
page read and write
1448000
heap
page read and write
9A9000
unkown
page write copy
1224000
heap
page read and write
4851000
heap
page read and write
2A59C000
stack
page read and write
1224000
heap
page read and write
4D60000
trusted library allocation
page read and write
1D474000
heap
page read and write
4E50000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4C0E000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
45EF000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
30BE000
stack
page read and write
1224000
heap
page read and write
3A2E000
stack
page read and write
61ECC000
direct allocation
page read and write
3B6E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1615000
heap
page read and write
15FE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
54C0000
direct allocation
page execute and read and write
1224000
heap
page read and write
6B4C000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
6C785000
unkown
page readonly
1D47E000
heap
page read and write
5270000
direct allocation
page execute and read and write
1224000
heap
page read and write
32FF000
stack
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
54B0000
direct allocation
page execute and read and write
1224000
heap
page read and write
55A000
unkown
page write copy
1D48A000
heap
page read and write
4E51000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
48EF000
stack
page read and write
5440000
direct allocation
page execute and read and write
1224000
heap
page read and write
4C61000
heap
page read and write
316F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1D45A000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
433F000
stack
page read and write
2F7E000
stack
page read and write
4D91000
heap
page read and write
1D560000
trusted library allocation
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
6C58E000
unkown
page read and write
1CEAF000
stack
page read and write
5300000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
30DF000
stack
page read and write
6C57D000
unkown
page readonly
4D91000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5270000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
541F000
stack
page read and write
6C592000
unkown
page readonly
1224000
heap
page read and write
143E000
stack
page read and write
3AAF000
stack
page read and write
D45000
unkown
page execute and read and write
1360000
direct allocation
page read and write
F80000
heap
page read and write
68CE000
stack
page read and write
116A000
stack
page read and write
52B0000
direct allocation
page execute and read and write
5290000
direct allocation
page execute and read and write
1D467000
heap
page read and write
429D000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
4C61000
heap
page read and write
236C1000
heap
page read and write
144C000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
A50000
unkown
page readonly
1224000
heap
page read and write
1D48E000
heap
page read and write
1224000
heap
page read and write
5281000
direct allocation
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
EE6000
unkown
page execute and read and write
5270000
direct allocation
page execute and read and write
2393E000
heap
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
46FF000
stack
page read and write
1360000
direct allocation
page read and write
1224000
heap
page read and write
439F000
stack
page read and write
4AEF000
stack
page read and write
3DC000
unkown
page execute and read and write
40CE000
stack
page read and write
4D6F000
stack
page read and write
3D6E000
stack
page read and write
4851000
heap
page read and write
442E000
stack
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
37FF000
stack
page read and write
1D45B000
heap
page read and write
415E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1454000
heap
page read and write
1224000
heap
page read and write
43DE000
stack
page read and write
ABB000
unkown
page execute and read and write
1224000
heap
page read and write
34DE000
stack
page read and write
54A0000
direct allocation
page execute and read and write
4D91000
heap
page read and write
595E000
stack
page read and write
3170000
direct allocation
page read and write
4851000
heap
page read and write
1D15D000
stack
page read and write
1463000
heap
page read and write
525C000
stack
page read and write
940000
unkown
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
42EE000
stack
page read and write
1224000
heap
page read and write
3060000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
61E01000
direct allocation
page execute read
663E000
stack
page read and write
1224000
heap
page read and write
12FD000
stack
page read and write
1D45B000
heap
page read and write
D55000
unkown
page execute and write copy
3D5F000
stack
page read and write
1224000
heap
page read and write
434E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4C90000
trusted library allocation
page read and write
1224000
heap
page read and write
5270000
direct allocation
page execute and read and write
4851000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
2D5E000
stack
page read and write
1224000
heap
page read and write
2E5E000
stack
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
61EB7000
direct allocation
page readonly
1224000
heap
page read and write
1224000
heap
page read and write
3F4F000
stack
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
236CE000
heap
page read and write
1D45B000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5310000
direct allocation
page execute and read and write
1224000
heap
page read and write
9AA000
unkown
page execute and write copy
1224000
heap
page read and write
343F000
stack
page read and write
1224000
heap
page read and write
6E3000
unkown
page execute and read and write
1D471000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
FEC000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
451E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
4CF0000
heap
page read and write
53A0000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
4E70000
direct allocation
page execute and read and write
4E7E000
stack
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
4851000
heap
page read and write
4E90000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
472F000
stack
page read and write
1224000
heap
page read and write
1D474000
heap
page read and write
4851000
heap
page read and write
144C000
heap
page read and write
309E000
stack
page read and write
4CE0000
direct allocation
page read and write
1D490000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
55A000
unkown
page read and write
4851000
heap
page read and write
1225000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
447F000
stack
page read and write
1224000
heap
page read and write
305E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
DA0000
heap
page read and write
1224000
heap
page read and write
D3E000
unkown
page execute and read and write
1224000
heap
page read and write
6B8E000
stack
page read and write
1224000
heap
page read and write
1D47C000
heap
page read and write
1224000
heap
page read and write
31FE000
stack
page read and write
1225000
heap
page read and write
5220000
direct allocation
page read and write
23940000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5310000
direct allocation
page execute and read and write
1476000
heap
page read and write
1D469000
heap
page read and write
23620000
heap
page read and write
D54000
unkown
page execute and write copy
1224000
heap
page read and write
4E4F000
stack
page read and write
3DEE000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
5460000
direct allocation
page execute and read and write
3ABE000
stack
page read and write
1224000
heap
page read and write
1D48B000
heap
page read and write
2379E000
stack
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
1D482000
heap
page read and write
1D43D000
stack
page read and write
D55000
unkown
page execute and write copy
1400000
heap
page read and write
368F000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
32AF000
stack
page read and write
145C000
heap
page read and write
52E0000
direct allocation
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
347000
unkown
page execute and read and write
4851000
heap
page read and write
4CF1000
heap
page read and write
154E000
stack
page read and write
3050000
direct allocation
page read and write
4C62000
heap
page read and write
4840000
direct allocation
page read and write
A51000
unkown
page execute and write copy
1224000
heap
page read and write
336F000
stack
page read and write
144C000
heap
page read and write
AB9000
unkown
page write copy
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
4DF0000
trusted library allocation
page read and write
8CC0000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5300000
direct allocation
page execute and read and write
3FBE000
stack
page read and write
1224000
heap
page read and write
C44000
unkown
page execute and write copy
1224000
heap
page read and write
6645000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
389E000
stack
page read and write
380E000
stack
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
4F50000
trusted library allocation
page read and write
6A4C000
stack
page read and write
3C2E000
stack
page read and write
5480000
direct allocation
page execute and read and write
53A0000
direct allocation
page execute and read and write
1D45B000
heap
page read and write
1D46B000
heap
page read and write
EFD000
stack
page read and write
5480000
heap
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
5410000
direct allocation
page execute and read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3C6F000
stack
page read and write
2A5A1000
heap
page read and write
940000
unkown
page readonly
145C000
heap
page read and write
8EBC000
stack
page read and write
1D488000
heap
page read and write
1360000
direct allocation
page read and write
AB9000
unkown
page write copy
1224000
heap
page read and write
1D459000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1454000
heap
page read and write
1D48F000
heap
page read and write
1D482000
heap
page read and write
41AE000
stack
page read and write
1224000
heap
page read and write
51E1000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D70000
heap
page read and write
1464000
heap
page read and write
1225000
heap
page read and write
1008000
heap
page read and write
3F2E000
stack
page read and write
5151000
direct allocation
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
DB0000
heap
page read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
3B8E000
stack
page read and write
1D474000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5420000
direct allocation
page execute and read and write
1224000
heap
page read and write
1D46B000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1D490000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1D490000
heap
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D0F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
9AB000
unkown
page execute and read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
2F9F000
stack
page read and write
5BED000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
61EB4000
direct allocation
page read and write
2FDC000
stack
page read and write
1D490000
heap
page read and write
1224000
heap
page read and write
61ED0000
direct allocation
page read and write
ABB000
unkown
page execute and read and write
1225000
heap
page read and write
1224000
heap
page read and write
1464000
heap
page read and write
5460000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
145F000
heap
page read and write
1D474000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
A51000
unkown
page execute and write copy
7921000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
535F000
stack
page read and write
1408000
heap
page read and write
5300000
direct allocation
page execute and read and write
1224000
heap
page read and write
52E0000
direct allocation
page execute and read and write
311E000
stack
page read and write
1405000
heap
page read and write
4E50000
heap
page read and write
3180000
heap
page read and write
C45000
unkown
page execute and write copy
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
5250000
direct allocation
page execute and read and write
4851000
heap
page read and write
13AE000
stack
page read and write
1224000
heap
page read and write
386E000
stack
page read and write
1225000
heap
page read and write
5300000
direct allocation
page execute and read and write
1224000
heap
page read and write
D45000
unkown
page execute and read and write
7799000
heap
page read and write
4D26000
direct allocation
page read and write
1224000
heap
page read and write
5460000
direct allocation
page execute and read and write
1460000
heap
page read and write
1224000
heap
page read and write
33AF000
stack
page read and write
236A1000
heap
page read and write
303E000
stack
page read and write
1225000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
2389E000
stack
page read and write
479E000
stack
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
6A00000
heap
page read and write
4CE0000
direct allocation
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3ADF000
stack
page read and write
D10000
unkown
page execute and read and write
1224000
heap
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
FF0000
heap
page read and write
1224000
heap
page read and write
1CD6F000
stack
page read and write
142F000
heap
page read and write
1360000
direct allocation
page read and write
4D91000
heap
page read and write
80B000
unkown
page execute and write copy
8CC1000
heap
page read and write
1224000
heap
page read and write
EE6000
unkown
page execute and read and write
C00000
unkown
page execute and read and write
23681000
heap
page read and write
4851000
heap
page read and write
3050000
direct allocation
page read and write
1D46E000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
80A000
unkown
page execute and write copy
1224000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
362F000
stack
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
3CCF000
stack
page read and write
1240000
heap
page read and write
31BF000
stack
page read and write
1220000
heap
page read and write
1224000
heap
page read and write
F3E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D475000
heap
page read and write
7790000
heap
page read and write
1224000
heap
page read and write
5440000
direct allocation
page execute and read and write
1224000
heap
page read and write
4851000
heap
page read and write
2B7F000
stack
page read and write
1225000
heap
page read and write
1225000
heap
page read and write
436F000
stack
page read and write
2394D000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
372E000
stack
page read and write
548000
unkown
page execute and read and write
1224000
heap
page read and write
6C77F000
unkown
page write copy
1224000
heap
page read and write
1D48A000
heap
page read and write
1224000
heap
page read and write
13D2000
heap
page read and write
4840000
direct allocation
page read and write
D54000
unkown
page execute and read and write
1464000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4CF1000
heap
page read and write
1224000
heap
page read and write
1350000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
2E9E000
stack
page read and write
1224000
heap
page read and write
1D48B000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
3FDF000
stack
page read and write
137E000
heap
page read and write
5400000
direct allocation
page execute and read and write
2A5A1000
heap
page read and write
9A9000
unkown
page write copy
1224000
heap
page read and write
4D91000
heap
page read and write
1D566000
heap
page read and write
53A0000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
236E4000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
13C0000
heap
page read and write
4D91000
heap
page read and write
138A000
heap
page read and write
1D440000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
11D0000
heap
page read and write
FE0000
heap
page read and write
52E0000
direct allocation
page execute and read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D4E000
stack
page read and write
1224000
heap
page read and write
4CAF000
stack
page read and write
1224000
heap
page read and write
4E51000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
53A0000
direct allocation
page execute and read and write
1224000
heap
page read and write
5390000
direct allocation
page execute and read and write
4851000
heap
page read and write
4ACE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1340000
heap
page read and write
1224000
heap
page read and write
385F000
stack
page read and write
5490000
direct allocation
page execute and read and write
1D475000
heap
page read and write
1380000
heap
page read and write
4D91000
heap
page read and write
1360000
direct allocation
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
13E2000
heap
page read and write
1D460000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
520C000
stack
page read and write
5180000
direct allocation
page read and write
35BE000
stack
page read and write
1D478000
heap
page read and write
1224000
heap
page read and write
6C500000
unkown
page readonly
1224000
heap
page read and write
1450000
heap
page read and write
1224000
heap
page read and write
4CB0000
heap
page read and write
3040000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
4D91000
heap
page read and write
E90000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
57CE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4C61000
heap
page read and write
41CF000
stack
page read and write
1224000
heap
page read and write
3CFF000
stack
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
145C000
heap
page read and write
4851000
heap
page read and write
674F000
stack
page read and write
401E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
36BF000
stack
page read and write
1D490000
heap
page read and write
5270000
direct allocation
page execute and read and write
1D46B000
heap
page read and write
4D91000
heap
page read and write
1D461000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
3050000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
119E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4C5F000
stack
page read and write
3F8E000
stack
page read and write
42AF000
stack
page read and write
C39000
unkown
page execute and read and write
1D482000
heap
page read and write
1225000
heap
page read and write
4840000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3EAE000
stack
page read and write
394E000
stack
page read and write
46CF000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1370000
heap
page read and write
5330000
direct allocation
page execute and read and write
376F000
stack
page read and write
47EE000
stack
page read and write
2CFE000
stack
page read and write
1D475000
heap
page read and write
1360000
direct allocation
page read and write
1224000
heap
page read and write
3D3E000
stack
page read and write
54D0000
direct allocation
page execute and read and write
568F000
stack
page read and write
4D91000
heap
page read and write
54E0000
direct allocation
page execute and read and write
448E000
stack
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
3AEE000
stack
page read and write
1224000
heap
page read and write
48DE000
stack
page read and write
145C000
heap
page read and write
1224000
heap
page read and write
161A000
heap
page read and write
3050000
direct allocation
page read and write
4E51000
heap
page read and write
1D471000
heap
page read and write
1224000
heap
page read and write
383E000
stack
page read and write
106B000
stack
page read and write
41FF000
stack
page read and write
301E000
stack
page read and write
45FE000
stack
page read and write
1225000
heap
page read and write
F67000
heap
page read and write
1224000
heap
page read and write
138E000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4E90000
trusted library allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
2E3E000
stack
page read and write
1D463000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5BAE000
stack
page read and write
494F000
stack
page read and write
1459000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
5460000
direct allocation
page execute and read and write
1225000
heap
page read and write
5430000
direct allocation
page execute and read and write
1224000
heap
page read and write
4B6F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1440000
heap
page read and write
B29000
unkown
page execute and read and write
1224000
heap
page read and write
4B1F000
stack
page read and write
2A49B000
stack
page read and write
1D482000
heap
page read and write
1400000
heap
page read and write
349F000
stack
page read and write
4CF1000
heap
page read and write
1225000
heap
page read and write
4851000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
EE8000
unkown
page execute and write copy
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
7920000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
53A0000
direct allocation
page execute and read and write
4850000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
688F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
F6E000
heap
page read and write
11E0000
heap
page read and write
1464000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
6E20000
heap
page read and write
AB9000
unkown
page write copy
1224000
heap
page read and write
1224000
heap
page read and write
1D4F5000
heap
page read and write
1224000
heap
page read and write
2FFE000
stack
page read and write
ABB000
unkown
page execute and read and write
145C000
heap
page read and write
1464000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D462000
heap
page read and write
1224000
heap
page read and write
3EDE000
stack
page read and write
1224000
heap
page read and write
40FE000
stack
page read and write
1D490000
heap
page read and write
1224000
heap
page read and write
13F9000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
3C5E000
stack
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D33E000
stack
page read and write
AB9000
unkown
page write copy
3170000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1377000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
80A000
unkown
page execute and read and write
50F0000
direct allocation
page read and write
1D47D000
heap
page read and write
397E000
stack
page read and write
1224000
heap
page read and write
23640000
heap
page read and write
D33000
stack
page read and write
D10000
unkown
page execute and read and write
4A1E000
stack
page read and write
456E000
stack
page read and write
144E000
stack
page read and write
1224000
heap
page read and write
3050000
direct allocation
page read and write
3050000
direct allocation
page read and write
35EE000
stack
page read and write
178E000
stack
page read and write
3A8E000
stack
page read and write
1463000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
40EF000
stack
page read and write
1464000
heap
page read and write
325E000
stack
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3FAF000
stack
page read and write
1CF0E000
stack
page read and write
1D482000
heap
page read and write
3050000
direct allocation
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
D54000
unkown
page execute and read and write
34AE000
stack
page read and write
1225000
heap
page read and write
1D475000
heap
page read and write
23620000
trusted library allocation
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
23946000
heap
page read and write
53C0000
direct allocation
page execute and read and write
1224000
heap
page read and write
1D490000
heap
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
5460000
direct allocation
page execute and read and write
352E000
stack
page read and write
394000
unkown
page execute and read and write
7930000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1460000
heap
page read and write
792E000
heap
page read and write
49AF000
stack
page read and write
1D463000
heap
page read and write
3BCE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D490000
heap
page read and write
3050000
direct allocation
page read and write
1224000
heap
page read and write
3E4E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
43AE000
stack
page read and write
4E40000
direct allocation
page execute and read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
361E000
stack
page read and write
1D48B000
heap
page read and write
1224000
heap
page read and write
366E000
stack
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3B2F000
stack
page read and write
1D459000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
5270000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D490000
heap
page read and write
5450000
direct allocation
page execute and read and write
1224000
heap
page read and write
1225000
heap
page read and write
489F000
stack
page read and write
AB2000
unkown
page execute and read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
480F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D46A000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
382F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
358F000
stack
page read and write
1224000
heap
page read and write
6C5A1000
unkown
page execute read
1224000
heap
page read and write
406E000
stack
page read and write
53E0000
direct allocation
page execute and read and write
5390000
direct allocation
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3050000
direct allocation
page read and write
1224000
heap
page read and write
30A7000
heap
page read and write
3D2F000
stack
page read and write
335F000
stack
page read and write
1224000
heap
page read and write
425F000
stack
page read and write
1224000
heap
page read and write
357F000
stack
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4851000
heap
page read and write
3BFE000
stack
page read and write
1454000
heap
page read and write
498E000
stack
page read and write
36CE000
stack
page read and write
3C5000
unkown
page execute and read and write
52A0000
direct allocation
page execute and read and write
3F7F000
stack
page read and write
2DFF000
stack
page read and write
371F000
stack
page read and write
4D91000
heap
page read and write
422F000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
1D474000
heap
page read and write
1224000
heap
page read and write
3E0F000
stack
page read and write
1225000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1464000
heap
page read and write
238A0000
trusted library allocation
page read and write
1D44F000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
23945000
heap
page read and write
13CE000
heap
page read and write
346F000
stack
page read and write
1224000
heap
page read and write
142F000
heap
page read and write
234D4000
heap
page read and write
1224000
heap
page read and write
DD8000
unkown
page execute and write copy
1224000
heap
page read and write
9A2000
unkown
page execute and read and write
1224000
heap
page read and write
1224000
heap
page read and write
38AF000
stack
page read and write
5320000
direct allocation
page execute and read and write
4D91000
heap
page read and write
3BEF000
stack
page read and write
142F000
heap
page read and write
23720000
trusted library allocation
page read and write
23661000
heap
page read and write
512C000
stack
page read and write
1224000
heap
page read and write
5460000
direct allocation
page execute and read and write
1224000
heap
page read and write
3170000
direct allocation
page read and write
1224000
heap
page read and write
33EE000
stack
page read and write
1225000
heap
page read and write
1D451000
heap
page read and write
1D475000
heap
page read and write
6C501000
unkown
page execute read
5300000
direct allocation
page execute and read and write
C35000
unkown
page execute and read and write
1D475000
heap
page read and write
321F000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
465E000
stack
page read and write
1224000
heap
page read and write
420E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
3D9E000
stack
page read and write
1224000
heap
page read and write
2A7E000
stack
page read and write
1224000
heap
page read and write
13B7000
heap
page read and write
310000
unkown
page read and write
1224000
heap
page read and write
1225000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D474000
heap
page read and write
1D475000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1D485000
heap
page read and write
4851000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
A50000
unkown
page read and write
1224000
heap
page read and write
3067000
heap
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
4CE0000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
7930000
heap
page read and write
3DAF000
stack
page read and write
1224000
heap
page read and write
15F0000
heap
page read and write
61ED4000
direct allocation
page readonly
476E000
stack
page read and write
1224000
heap
page read and write
4840000
direct allocation
page read and write
4D91000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
486F000
stack
page read and write
1454000
heap
page read and write
1224000
heap
page read and write
4B5E000
stack
page read and write
4851000
heap
page read and write
161E000
heap
page read and write
1224000
heap
page read and write
3CAE000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
A3C000
stack
page read and write
1224000
heap
page read and write
2F7E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
437E000
stack
page read and write
4D91000
heap
page read and write
5AAE000
stack
page read and write
1224000
heap
page read and write
1D29C000
stack
page read and write
1224000
heap
page read and write
423E000
stack
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4D91000
heap
page read and write
1476000
heap
page read and write
4D91000
heap
page read and write
1D45B000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
4870000
heap
page read and write
4D91000
heap
page read and write
50F0000
direct allocation
page read and write
1224000
heap
page read and write
1224000
heap
page read and write
There are 1876 hidden memdumps, click here to show them.