IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsDBKKKEHDHC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\BGCAFHCAKFBFIECAFIIJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\DGHIDHCAAKECGCBFIJDBAAFBGH
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EBFBFBFIIJDAKECAKKJEHCFIJK
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EHJKFCGHIDHCBGDHJKEB
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\FHDAFIID
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GHJDGDBF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\IECBAFCAAKJDHJKFIEBG
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0f2e140b-806f-4973-a63c-1a7efdebd18b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\105d80ec-23d9-4ddb-a5cd-6f97ec4ff421.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\31c7ee0c-3c2f-46c2-b6e2-25a34bd5d74e.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6b9e6fdc-b8b4-4cf1-af62-34915fa08363.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8934160b-3bb2-48c9-99d2-42b6a78649af.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\1273b91a-9a80-4fd1-8881-ebe453cd4a46.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67450769-1CEC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\177fb397-ac4c-46d3-964d-4c970eee639c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1e568550-e088-4f33-8eb7-8c618abc4681.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6086e4a3-de12-44c7-b877-5ce93cec6938.tmp
Unicode text, UTF-8 text, with very long lines (17555), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
OpenPGP Public Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\235cc606-a233-4fce-9d1e-57c163d2a5e0.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\46fdc821-d3ad-49e3-887c-6555d90a6576.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4b6d580f-630c-47a7-b58a-3c60327aa355.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\71ccdf0f-d692-441d-bbf9-662a63a9894b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4c1e5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3b557.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c600.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\da04f8fd-b7b5-4853-8a82-63ed0953e7a9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e4cdfaac-96a9-4551-87b6-68e32893b181.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f8e8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4245d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF45abf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b022.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3ed01.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43ef9.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377050732443437
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\09f5a610-dbe4-496e-b570-c0fff93993b9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\13ae2b37-e606-43ad-8c45-b7fecde78041.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3c600.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a3c2de98-76ec-4690-a7f3-811babacfe41.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a9c0e354-3538-436b-b7e2-20aec4b90753.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a82f21e1-d027-4ed2-8623-d9ef14e20358.tmp
Unicode text, UTF-8 text, with very long lines (17390), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c1b217ca-752a-4031-ac16-41abd127091f.tmp
Unicode text, UTF-8 text, with very long lines (17555), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cf2ffe9a-fcdc-4219-b646-417d01aa95f4.tmp
Unicode text, UTF-8 text, with very long lines (17205), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d1ebebfd-eb25-4fae-8c4a-fbd7bebc32c7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d33ddba1-54d6-4367-921e-15c73757b583.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\de1d4f1b-45f0-4870-8e5a-bcb277aead6c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e95448a7-6482-4c4d-90ba-fa31f5db8540.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39d3b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39d4b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39ef0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c5e1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41a2b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4afb5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50f0b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b2dcb2e2-b125-4f30-a9f0-ab5f23e80a60.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bebf7213-2bd8-4c17-ad5b-0b6506f86834.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c49e7aa1-3f33-4618-8c30-a0ff321efb53.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1009141001\cc0a932c85.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\23a5d671-0029-47a0-a239-f82c15c0e604.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\34d0534d-8df8-4502-ac1c-b17c5545f7ce.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\5309a0b4-bae9-4105-b93d-e2b0498bfe14.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\6fcba4d9-77aa-4992-b7f6-b50b556c06bf.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\740caac0-0f01-40d8-99c6-8c0a787e5090.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\ba376185-15ce-41ed-b868-e4e167ba0d46.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\dbb5af53-bfde-403d-8b65-703e23a7026a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_2050405795\dbb5af53-bfde-403d-8b65-703e23a7026a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\740caac0-0f01-40d8-99c6-8c0a787e5090.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7404_989055407\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 531
ASCII text, with very long lines (795)
downloaded
Chrome Cache Entry: 532
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 533
ASCII text
downloaded
Chrome Cache Entry: 534
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 535
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 536
SVG Scalable Vector Graphics image
downloaded
There are 281 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2204,i,16016120249375417697,2229644558360442611,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2264,i,13353248291220899786,2148692624632142094,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6440 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6604 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
malicious
C:\Users\user\DocumentsDBKKKEHDHC.exe
"C:\Users\user\DocumentsDBKKKEHDHC.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6028 --field-trial-handle=2068,i,10168677201670927820,4631142609524840128,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsDBKKKEHDHC.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 7 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577146763&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
51.104.15.253
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://sb.scorecardresearch.com/b?rn=1732577146766&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0675AFABBF8562701E27BAE9BE8263C5&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.173.132.23
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239381741591_1LPZQNFJIC0J01PB0&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://31.41.244.11/
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
http://185.215.113.206/c4becf79229cb002.php~u
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dllj7
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.100
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllN7
unknown
http://185.215.113.206/c4becf79229cb002.phpgPreference.Verbt
unknown
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402613046_1VJ8MQN6OLRO0EVHP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
http://185.215.113.206/c4becf79229cb002.phpKEHDHC.exeata;
unknown
https://drive-daily-4.corp.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577154627&w=0&anoncknm=app_anon&NoResponseBody=true
51.104.15.253
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577154567&w=0&anoncknm=app_anon&NoResponseBody=true
51.104.15.253
https://bzib.nelreports.net/api/report?cat=bingbusiness
23.44.133.38
http://31.41.244.11/215.113.43/Zu7JuNko/index.php
unknown
http://31.41.244.11/files/random.exe0encodedD
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://31.41.244.11/files/random.exe3b31
unknown
https://chromewebstore.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577153624&w=0&anoncknm=app_anon&NoResponseBody=true
51.104.15.253
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732577153628&w=0&anoncknm=app_anon&NoResponseBody=true
51.104.15.253
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239378034177_1Y8HUQR0O0JRMMA4L&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://m.kugou.com/
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
http://31.41.244.11/files/random.exe3b3
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
http://185.215.113.206/68b591d6548ec281/msvcp140.dll9
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
https://powerpoint.new?from=EdgeM365Shoreline
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
172.217.17.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.110
www.google.com
142.250.181.100
s-part-0035.t-0009.t-msedge.net
13.107.246.63
googlehosted.l.googleusercontent.com
172.217.19.225
ax-0001.ax-msedge.net
150.171.27.10
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.40
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
18.173.132.23
unknown
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
23.209.72.32
unknown
United States
23.44.133.38
unknown
United States
20.110.205.119
unknown
United States
172.217.17.78
plus.l.google.com
United States
2.16.158.169
unknown
European Union
23.57.90.146
unknown
United States
185.215.113.16
unknown
Portugal
2.16.158.41
unknown
European Union
239.255.255.250
unknown
Reserved
104.117.182.56
unknown
United States
127.0.0.1
unknown
unknown
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
23.96.180.189
unknown
United States
152.195.19.97
unknown
United States
23.57.90.152
unknown
United States
204.79.197.219
unknown
United States
31.41.244.11
unknown
Russian Federation
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
51.104.15.253
unknown
United Kingdom
23.57.90.161
unknown
United States
142.250.181.100
www.google.com
United States
18.165.220.110
sb.scorecardresearch.com
United States
There are 19 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197682
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197682
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197682
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197682
WindowTabManagerFileMappingId
There are 97 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
5270000
direct allocation
page read and write
 malicious
F1000
unkown
page execute and read and write
 malicious
A71000
unkown
page execute and read and write
 malicious
4A30000
direct allocation
page read and write
 malicious
A61000
unkown
page execute and read and write
 malicious
4CB0000
direct allocation
page read and write
 malicious
109E000
heap
page read and write
 malicious
4E40000
direct allocation
page read and write
 malicious
A61000
unkown
page execute and read and write
 malicious
6D4000
heap
page read and write
2397F000
heap
page read and write
6D4000
heap
page read and write
442E000
stack
page read and write
3067000
heap
page read and write
40AF000
stack
page read and write
45B1000
heap
page read and write
40EE000
stack
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
97F000
heap
page read and write
3BAF000
stack
page read and write
6D4000
heap
page read and write
1620000
heap
page read and write
3C6F000
stack
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
9AC000
heap
page read and write
45B1000
heap
page read and write
5FD0000
heap
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
A60000
direct allocation
page execute and read and write
372E000
stack
page read and write
6D4000
heap
page read and write
58CF000
stack
page read and write
2D50000
direct allocation
page read and write
49B1000
heap
page read and write
FCC000
stack
page read and write
107E000
stack
page read and write
45B0000
heap
page read and write
303E000
stack
page read and write
292C000
stack
page read and write
A60000
unkown
page read and write
6D4000
heap
page read and write
1410000
heap
page read and write
6D4000
heap
page read and write
D71000
unkown
page execute and read and write
1D4C5000
heap
page read and write
4E30000
direct allocation
page execute and read and write
1D4E0000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
9AC000
heap
page read and write
905000
heap
page read and write
1D4D8000
heap
page read and write
A3E000
stack
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
53F0000
direct allocation
page execute and read and write
4EA0000
direct allocation
page execute and read and write
F14000
heap
page read and write
1D4C5000
heap
page read and write
6D4000
heap
page read and write
ACB000
unkown
page execute and read and write
4831000
heap
page read and write
4A91000
direct allocation
page read and write
2B50000
direct allocation
page read and write
382F000
stack
page read and write
6D4000
heap
page read and write
1D4DB000
heap
page read and write
8B0000
direct allocation
page read and write
733D2000
unkown
page readonly
45B1000
heap
page read and write
BBC000
stack
page read and write
45B1000
heap
page read and write
49B1000
heap
page read and write
342F000
stack
page read and write
2D6F000
stack
page read and write
45B1000
heap
page read and write
1D4C0000
heap
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
1D4C5000
heap
page read and write
128E000
stack
page read and write
6D4000
heap
page read and write
4CAC000
stack
page read and write
4831000
heap
page read and write
3D6E000
stack
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
F14000
heap
page read and write
45B1000
heap
page read and write
4B90000
direct allocation
page execute and read and write
5F1D000
stack
page read and write
6D4000
heap
page read and write
2BBE000
stack
page read and write
45B1000
heap
page read and write
9AD000
heap
page read and write
4FA0000
heap
page read and write
6D4000
heap
page read and write
386E000
stack
page read and write
4831000
heap
page read and write
45B2000
heap
page read and write
2A2F000
stack
page read and write
98E000
heap
page read and write
6D4000
heap
page read and write
580000
heap
page read and write
1D490000
heap
page read and write
61ED0000
direct allocation
page read and write
6D5000
heap
page read and write
6D4000
heap
page read and write
D50000
unkown
page execute and read and write
45B1000
heap
page read and write
3C2E000
stack
page read and write
23680000
heap
page read and write
61ED4000
direct allocation
page readonly
236D8000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
47EE000
stack
page read and write
45B1000
heap
page read and write
1610000
direct allocation
page read and write
1D4BC000
heap
page read and write
1149000
heap
page read and write
6CA21000
unkown
page execute read
4F8F000
stack
page read and write
4E40000
direct allocation
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
5CD000
unkown
page execute and read and write
6D4000
heap
page read and write
A60000
unkown
page read and write
D88000
unkown
page execute and write copy
4831000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
9FE000
stack
page read and write
6D4000
heap
page read and write
3B2F000
stack
page read and write
5F5E000
stack
page read and write
2D40000
heap
page read and write
2FAE000
stack
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
12FD000
stack
page read and write
14CF000
stack
page read and write
D87000
unkown
page execute and read and write
4CEE000
stack
page read and write
6D4000
heap
page read and write
5270000
direct allocation
page read and write
6D5000
heap
page read and write
396E000
stack
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
35AE000
stack
page read and write
4DF1000
heap
page read and write
1D4C1000
heap
page read and write
436F000
stack
page read and write
C60000
unkown
page execute and read and write
6D4000
heap
page read and write
65FC000
stack
page read and write
4DF1000
heap
page read and write
1D4E0000
heap
page read and write
45B1000
heap
page read and write
3FAE000
stack
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
1D4D7000
heap
page read and write
5E1B000
stack
page read and write
10D0000
heap
page read and write
A50000
direct allocation
page read and write
F14000
heap
page read and write
6D4000
heap
page read and write
F31000
unkown
page execute and read and write
48EF000
stack
page read and write
4831000
heap
page read and write
4FE0000
direct allocation
page execute and read and write
A50000
direct allocation
page read and write
40EF000
stack
page read and write
326F000
stack
page read and write
1D4BD000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
15DE000
stack
page read and write
53F0000
direct allocation
page execute and read and write
8B0000
direct allocation
page read and write
2D3E000
stack
page read and write
1610000
direct allocation
page read and write
412E000
stack
page read and write
2A5D0000
heap
page read and write
1610000
direct allocation
page read and write
F14000
heap
page read and write
402F000
stack
page read and write
1D4DC000
heap
page read and write
10E4000
heap
page read and write
49B0000
heap
page read and write
6D4000
heap
page read and write
A50000
direct allocation
page read and write
4831000
heap
page read and write
996000
heap
page read and write
4AB0000
trusted library allocation
page read and write
53F0000
direct allocation
page execute and read and write
1330000
heap
page read and write
3CAE000
stack
page read and write
AD9000
unkown
page write copy
49B1000
heap
page read and write
45B1000
heap
page read and write
933000
heap
page read and write
A50000
direct allocation
page read and write
1D4D2000
heap
page read and write
F14000
heap
page read and write
1D4C4000
heap
page read and write
45B1000
heap
page read and write
620000
heap
page read and write
3B6E000
stack
page read and write
31EF000
stack
page read and write
3FAE000
stack
page read and write
2A4C0000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
3CEF000
stack
page read and write
6D4000
heap
page read and write
4E40000
direct allocation
page read and write
4DF1000
heap
page read and write
F14000
heap
page read and write
49B1000
heap
page read and write
45C0000
heap
page read and write
6D4000
heap
page read and write
236C5000
heap
page read and write
1D4D7000
heap
page read and write
4C10000
direct allocation
page execute and read and write
52AE000
stack
page read and write
45B1000
heap
page read and write
733BD000
unkown
page readonly
6D4000
heap
page read and write
2B30000
heap
page read and write
5F0000
heap
page read and write
6D4000
heap
page read and write
1610000
direct allocation
page read and write
6D4000
heap
page read and write
1D09E000
stack
page read and write
4831000
heap
page read and write
4831000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
60DF000
stack
page read and write
3E6E000
stack
page read and write
2B67000
heap
page read and write
41EF000
stack
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
F33000
unkown
page execute and write copy
514E000
stack
page read and write
1D4DF000
heap
page read and write
1D4DC000
heap
page read and write
39AE000
stack
page read and write
45B1000
heap
page read and write
AD9000
unkown
page write copy
49B1000
heap
page read and write
44AF000
stack
page read and write
8C0000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
5D4000
unkown
page execute and read and write
4FB0000
direct allocation
page execute and read and write
4DBC000
stack
page read and write
1D4D9000
heap
page read and write
45B1000
heap
page read and write
AC9000
unkown
page write copy
6D4000
heap
page read and write
3BEF000
stack
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
53E0000
direct allocation
page execute and read and write
1D4A2000
heap
page read and write
4831000
heap
page read and write
8B0000
direct allocation
page read and write
396F000
stack
page read and write
621E000
stack
page read and write
528E000
stack
page read and write
67D0000
heap
page read and write
422E000
stack
page read and write
2365D000
stack
page read and write
466F000
stack
page read and write
49B1000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
576E000
stack
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
1D4C1000
heap
page read and write
10F7000
heap
page read and write
236C3000
heap
page read and write
6D5000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
61EB7000
direct allocation
page readonly
3060000
heap
page read and write
30AE000
stack
page read and write
6D5000
heap
page read and write
1D32D000
stack
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
45B1000
heap
page read and write
524F000
stack
page read and write
1D4C5000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
1118000
heap
page read and write
38AF000
stack
page read and write
6D4000
heap
page read and write
4EF0000
trusted library allocation
page read and write
2F6E000
stack
page read and write
4831000
heap
page read and write
45B1000
heap
page read and write
4E20000
direct allocation
page execute and read and write
61ECC000
direct allocation
page read and write
4831000
heap
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
49B1000
heap
page read and write
C70000
unkown
page execute and read and write
476E000
stack
page read and write
1D4AA000
heap
page read and write
456E000
stack
page read and write
6B0000
heap
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
2A4BC000
stack
page read and write
1D4BA000
heap
page read and write
2AB000
stack
page read and write
995000
heap
page read and write
6D4000
heap
page read and write
F14000
heap
page read and write
A50000
direct allocation
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
2B6F000
stack
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
F43000
unkown
page execute and write copy
1490000
heap
page read and write
31EE000
stack
page read and write
4831000
heap
page read and write
610000
heap
page read and write
980000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
57CE000
stack
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
1D4AD000
heap
page read and write
6D4000
heap
page read and write
236A1000
heap
page read and write
F10000
heap
page read and write
1D4AB000
heap
page read and write
8CA000
heap
page read and write
1D19F000
stack
page read and write
6380000
heap
page read and write
45B1000
heap
page read and write
3F2E000
stack
page read and write
61DF000
stack
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
1D4BB000
heap
page read and write
1D4C5000
heap
page read and write
F14000
heap
page read and write
F14000
heap
page read and write
6D4000
heap
page read and write
552D000
stack
page read and write
3AAE000
stack
page read and write
45B1000
heap
page read and write
2CEE000
stack
page read and write
1D4D2000
heap
page read and write
53F0000
direct allocation
page execute and read and write
6D4000
heap
page read and write
EF8000
stack
page read and write
D97000
unkown
page execute and read and write
6D4000
heap
page read and write
1D4D2000
heap
page read and write
4B6F000
stack
page read and write
4831000
heap
page read and write
6390000
heap
page read and write
49B1000
heap
page read and write
1D4E0000
heap
page read and write
F14000
heap
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
8B0000
direct allocation
page read and write
68B0000
trusted library allocation
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
1CF5E000
stack
page read and write
4831000
heap
page read and write
A1E000
stack
page read and write
23737000
heap
page read and write
4D11000
direct allocation
page read and write
4A6E000
stack
page read and write
6BE000
heap
page read and write
D78000
unkown
page execute and read and write
6D4000
heap
page read and write
452F000
stack
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
6CBFF000
unkown
page write copy
53D0000
direct allocation
page execute and read and write
492E000
stack
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
23971000
heap
page read and write
91F000
heap
page read and write
3BEE000
stack
page read and write
1D4E0000
heap
page read and write
45B1000
heap
page read and write
4B80000
direct allocation
page execute and read and write
682C000
stack
page read and write
236DC000
heap
page read and write
3D2E000
stack
page read and write
4C20000
direct allocation
page execute and read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
F0000
unkown
page read and write
6320000
heap
page read and write
F33000
unkown
page execute and write copy
342F000
stack
page read and write
45B1000
heap
page read and write
D88000
unkown
page execute and read and write
1D4C8000
heap
page read and write
44EE000
stack
page read and write
45B1000
heap
page read and write
53F0000
direct allocation
page execute and read and write
3E2F000
stack
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
4DF1000
heap
page read and write
1D4BE000
heap
page read and write
356F000
stack
page read and write
322E000
stack
page read and write
3AAE000
stack
page read and write
A60000
unkown
page readonly
352E000
stack
page read and write
6CBFE000
unkown
page read and write
4EC0000
direct allocation
page execute and read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
73B5000
heap
page read and write
9AC000
heap
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
32AE000
stack
page read and write
F14000
heap
page read and write
4FA0000
direct allocation
page execute and read and write
1D4DC000
heap
page read and write
462E000
stack
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
2D50000
direct allocation
page read and write
3A2E000
stack
page read and write
33AF000
stack
page read and write
4E80000
direct allocation
page execute and read and write
6C0000
heap
page read and write
6D5000
heap
page read and write
1D4B9000
heap
page read and write
45B1000
heap
page read and write
36EF000
stack
page read and write
2AAE000
stack
page read and write
963000
heap
page read and write
1D4C5000
heap
page read and write
A50000
direct allocation
page read and write
4FF0000
direct allocation
page execute and read and write
2F2F000
stack
page read and write
23979000
heap
page read and write
8B0000
direct allocation
page read and write
D81000
unkown
page execute and read and write
4831000
heap
page read and write
8B0000
direct allocation
page read and write
4C78000
stack
page read and write
D40000
unkown
page execute and read and write
8B0000
direct allocation
page read and write
D88000
unkown
page execute and write copy
4831000
heap
page read and write
346F000
stack
page read and write
1129000
heap
page read and write
47AF000
stack
page read and write
566D000
stack
page read and write
F1000
unkown
page execute and write copy
AD2000
unkown
page execute and read and write
44AE000
stack
page read and write
49B1000
heap
page read and write
2CFC000
stack
page read and write
61ECD000
direct allocation
page readonly
6D4000
heap
page read and write
2D50000
direct allocation
page read and write
45B1000
heap
page read and write
1D4AB000
heap
page read and write
5460000
direct allocation
page execute and read and write
49B1000
heap
page read and write
AC2000
unkown
page execute and read and write
3AAF000
stack
page read and write
49B1000
heap
page read and write
31AF000
stack
page read and write
4DEF000
stack
page read and write
6D4000
heap
page read and write
52D1000
direct allocation
page read and write
8B0000
direct allocation
page read and write
6D4000
heap
page read and write
F14000
heap
page read and write
1D4E0000
heap
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
1610000
direct allocation
page read and write
4831000
heap
page read and write
2D6B000
heap
page read and write
70B0000
heap
page read and write
1D4D2000
heap
page read and write
4831000
heap
page read and write
4831000
heap
page read and write
61EB4000
direct allocation
page read and write
AC9000
unkown
page write copy
1D4C5000
heap
page read and write
1D4D4000
heap
page read and write
3E6E000
stack
page read and write
6D4000
heap
page read and write
A50000
direct allocation
page read and write
4B90000
direct allocation
page execute and read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
8CE000
heap
page read and write
49B1000
heap
page read and write
8FD000
stack
page read and write
F14000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
4E40000
direct allocation
page execute and read and write
6D4000
heap
page read and write
436E000
stack
page read and write
45B1000
heap
page read and write
631F000
stack
page read and write
4E20000
direct allocation
page execute and read and write
1D4BC000
heap
page read and write
4831000
heap
page read and write
30AE000
stack
page read and write
49B1000
heap
page read and write
1D4D2000
heap
page read and write
6D4000
heap
page read and write
A70000
unkown
page read and write
23660000
trusted library allocation
page read and write
538F000
stack
page read and write
4A14000
heap
page read and write
1D4C5000
heap
page read and write
6D4000
heap
page read and write
53C0000
direct allocation
page execute and read and write
45B1000
heap
page read and write
45B2000
heap
page read and write
6D4000
heap
page read and write
23660000
trusted library allocation
page read and write
1610000
direct allocation
page read and write
1D4D2000
heap
page read and write
6D4000
heap
page read and write
15F0000
heap
page read and write
F14000
heap
page read and write
6D4000
heap
page read and write
1010000
heap
page read and write
4E50000
direct allocation
page execute and read and write
6D4000
heap
page read and write
3FEE000
stack
page read and write
49B1000
heap
page read and write
4831000
heap
page read and write
2D50000
direct allocation
page read and write
F14000
heap
page read and write
6D4000
heap
page read and write
14CD000
stack
page read and write
2D6E000
heap
page read and write
103E000
stack
page read and write
70BA000
heap
page read and write
5490000
direct allocation
page execute and read and write
1495000
heap
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
2C6F000
stack
page read and write
422E000
stack
page read and write
4CAF000
stack
page read and write
4831000
heap
page read and write
1CDDF000
stack
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
238DF000
stack
page read and write
6D4000
heap
page read and write
4BD0000
direct allocation
page execute and read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
4E20000
direct allocation
page execute and read and write
1D4DD000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
F14000
heap
page read and write
45B1000
heap
page read and write
44AE000
stack
page read and write
3DAF000
stack
page read and write
4831000
heap
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
236C2000
heap
page read and write
45B1000
heap
page read and write
1D4C5000
heap
page read and write
1D4D9000
heap
page read and write
2D50000
direct allocation
page read and write
F14000
heap
page read and write
1D4DF000
heap
page read and write
45B2000
heap
page read and write
45B1000
heap
page read and write
3040000
heap
page read and write
6D4000
heap
page read and write
3F6F000
stack
page read and write
2B2E000
stack
page read and write
2E6F000
stack
page read and write
4BAE000
stack
page read and write
5270000
direct allocation
page read and write
33A000
unkown
page write copy
328000
unkown
page execute and read and write
426E000
stack
page read and write
1D4E0000
heap
page read and write
45B1000
heap
page read and write
3BAF000
stack
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
F14000
heap
page read and write
997000
heap
page read and write
F14000
heap
page read and write
346E000
stack
page read and write
42EE000
stack
page read and write
5FD5000
heap
page read and write
35EE000
stack
page read and write
45B1000
heap
page read and write
F14000
heap
page read and write
45B1000
heap
page read and write
482F000
stack
page read and write
45B1000
heap
page read and write
1D4D2000
heap
page read and write
366E000
stack
page read and write
4FD0000
direct allocation
page execute and read and write
5410000
direct allocation
page execute and read and write
436E000
stack
page read and write
4840000
heap
page read and write
1D4D2000
heap
page read and write
6D4000
heap
page read and write
46EF000
stack
page read and write
6D4000
heap
page read and write
AC2000
unkown
page execute and read and write
23760000
trusted library allocation
page read and write
1D4C5000
heap
page read and write
472F000
stack
page read and write
4FD0000
direct allocation
page execute and read and write
1D4C5000
heap
page read and write
4831000
heap
page read and write
2E2E000
stack
page read and write
6D4000
heap
page read and write
D87000
unkown
page execute and read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
4E20000
direct allocation
page execute and read and write
A50000
direct allocation
page read and write
1D4D9000
heap
page read and write
6D4000
heap
page read and write
2D50000
direct allocation
page read and write
6D4000
heap
page read and write
7390000
heap
page read and write
61ED3000
direct allocation
page read and write
45B1000
heap
page read and write
780000
unkown
page execute and read and write
39EF000
stack
page read and write
1D4B7000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
781000
unkown
page execute and write copy
45B1000
heap
page read and write
2D50000
direct allocation
page read and write
45B1000
heap
page read and write
500E000
stack
page read and write
35AE000
stack
page read and write
1D4E0000
heap
page read and write
392F000
stack
page read and write
1D49B000
heap
page read and write
A25000
heap
page read and write
2355E000
stack
page read and write
5450000
direct allocation
page execute and read and write
61E00000
direct allocation
page execute and read and write
23751000
heap
page read and write
6D4000
heap
page read and write
1D4C5000
heap
page read and write
733CE000
unkown
page read and write
6D5000
heap
page read and write
6D4000
heap
page read and write
4830000
heap
page read and write
4831000
heap
page read and write
A50000
direct allocation
page read and write
4B90000
direct allocation
page execute and read and write
1D4C5000
heap
page read and write
1D4A9000
heap
page read and write
45B1000
heap
page read and write
4C30000
direct allocation
page execute and read and write
6D4000
heap
page read and write
1610000
direct allocation
page read and write
987000
heap
page read and write
1D4AB000
heap
page read and write
3F6F000
stack
page read and write
D40000
unkown
page execute and read and write
4831000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
F41000
unkown
page execute and read and write
10DB000
heap
page read and write
1D4AB000
heap
page read and write
34EF000
stack
page read and write
6D4000
heap
page read and write
A60000
unkown
page readonly
49B1000
heap
page read and write
1090000
heap
page read and write
3DEE000
stack
page read and write
5470000
direct allocation
page execute and read and write
238E0000
trusted library allocation
page read and write
1D4DF000
heap
page read and write
1D4BC000
heap
page read and write
432F000
stack
page read and write
4831000
heap
page read and write
1610000
direct allocation
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
1D4BA000
heap
page read and write
23660000
heap
page read and write
2A5CC000
stack
page read and write
41EF000
stack
page read and write
EF3000
stack
page read and write
5A3000
unkown
page execute and read and write
54EF000
stack
page read and write
638E000
heap
page read and write
472E000
stack
page read and write
1D4A2000
heap
page read and write
4831000
heap
page read and write
1D4E0000
heap
page read and write
49B1000
heap
page read and write
36AF000
stack
page read and write
A50000
direct allocation
page read and write
6D4000
heap
page read and write
382E000
stack
page read and write
73341000
unkown
page execute read
49B1000
heap
page read and write
D98000
unkown
page execute and write copy
45B1000
heap
page read and write
37EF000
stack
page read and write
8AF000
stack
page read and write
1D4B7000
heap
page read and write
45B1000
heap
page read and write
49B1000
heap
page read and write
147E000
stack
page read and write
4DF0000
heap
page read and write
6D4000
heap
page read and write
8B0000
direct allocation
page read and write
45B1000
heap
page read and write
4DF1000
heap
page read and write
49B1000
heap
page read and write
30AF000
stack
page read and write
37AE000
stack
page read and write
49B1000
heap
page read and write
49B1000
heap
page read and write
33A000
unkown
page read and write
73B9000
heap
page read and write
40AF000
stack
page read and write
49B1000
heap
page read and write
3A6F000
stack
page read and write
4B90000
direct allocation
page execute and read and write
F14000
heap
page read and write
45B2000
heap
page read and write
6D4000
heap
page read and write
53EE000
stack
page read and write
1D1ED000
stack
page read and write
49B1000
heap
page read and write
2D50000
direct allocation
page read and write
4831000
heap
page read and write
8B0000
direct allocation
page read and write
3EAE000
stack
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
D71000
unkown
page execute and read and write
4831000
heap
page read and write
6D4000
heap
page read and write
D97000
unkown
page execute and write copy
10BC000
stack
page read and write
446F000
stack
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
F0000
unkown
page readonly
346E000
stack
page read and write
4EB0000
direct allocation
page execute and read and write
1610000
direct allocation
page read and write
F14000
heap
page read and write
1610000
direct allocation
page read and write
45B1000
heap
page read and write
46B0000
trusted library allocation
page read and write
6D4000
heap
page read and write
4FC0000
direct allocation
page execute and read and write
1D4A9000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
49AF000
stack
page read and write
2E6F000
stack
page read and write
EFE000
stack
page read and write
911000
heap
page read and write
45B1000
heap
page read and write
4DF1000
heap
page read and write
1D4AB000
heap
page read and write
107E000
stack
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
6D5000
heap
page read and write
32EF000
stack
page read and write
D87000
unkown
page execute and write copy
6D4000
heap
page read and write
1D4A1000
heap
page read and write
1D4C5000
heap
page read and write
6D4000
heap
page read and write
4E20000
direct allocation
page execute and read and write
F14000
heap
page read and write
6D4000
heap
page read and write
4930000
trusted library allocation
page read and write
49B1000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
4831000
heap
page read and write
1D4AF000
heap
page read and write
40EE000
stack
page read and write
236CA000
heap
page read and write
53AF000
stack
page read and write
33C000
unkown
page execute and read and write
42AF000
stack
page read and write
4B6F000
stack
page read and write
45B1000
heap
page read and write
1D42D000
stack
page read and write
4E00000
direct allocation
page execute and read and write
6D4000
heap
page read and write
45EE000
stack
page read and write
4850000
heap
page read and write
4844000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
45B2000
heap
page read and write
3CEE000
stack
page read and write
1D4BC000
heap
page read and write
6D4000
heap
page read and write
6D5000
heap
page read and write
49B1000
heap
page read and write
159F000
stack
page read and write
43AE000
stack
page read and write
6B7000
heap
page read and write
33EE000
stack
page read and write
35AF000
stack
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
F14000
heap
page read and write
1D5BA000
heap
page read and write
4FCB000
stack
page read and write
2F6F000
stack
page read and write
1D49F000
heap
page read and write
1D4C5000
heap
page read and write
4D7B000
stack
page read and write
2FFE000
stack
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
5480000
direct allocation
page execute and read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
432F000
stack
page read and write
6D4000
heap
page read and write
1D4E0000
heap
page read and write
1D05F000
stack
page read and write
F14000
heap
page read and write
2D50000
direct allocation
page read and write
6D4000
heap
page read and write
6CC05000
unkown
page readonly
4831000
heap
page read and write
1D4D2000
heap
page read and write
2CAF000
stack
page read and write
6D4000
heap
page read and write
3AEE000
stack
page read and write
45B1000
heap
page read and write
4E70000
direct allocation
page execute and read and write
112C000
heap
page read and write
4831000
heap
page read and write
45B1000
heap
page read and write
6D0000
heap
page read and write
1D4E0000
heap
page read and write
6D4000
heap
page read and write
1D4E0000
heap
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
2B50000
direct allocation
page read and write
49B1000
heap
page read and write
43EF000
stack
page read and write
6D4000
heap
page read and write
181F000
stack
page read and write
306F000
stack
page read and write
2D50000
direct allocation
page read and write
70B8000
heap
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
1D5B0000
trusted library allocation
page read and write
5430000
direct allocation
page execute and read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
36AF000
stack
page read and write
127000
unkown
page execute and read and write
45B1000
heap
page read and write
A50000
direct allocation
page read and write
1D4DA000
heap
page read and write
6D4000
heap
page read and write
F14000
heap
page read and write
37EF000
stack
page read and write
3FAF000
stack
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
45B1000
heap
page read and write
5E3000
unkown
page execute and write copy
174000
unkown
page execute and read and write
D87000
unkown
page execute and write copy
45EF000
stack
page read and write
61E01000
direct allocation
page execute read
2D50000
direct allocation
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
4DF1000
heap
page read and write
49B1000
heap
page read and write
A20000
heap
page read and write
49B1000
heap
page read and write
2B60000
heap
page read and write
49B1000
heap
page read and write
45B1000
heap
page read and write
416F000
stack
page read and write
562C000
stack
page read and write
45B1000
heap
page read and write
4B70000
direct allocation
page execute and read and write
4831000
heap
page read and write
4DEF000
stack
page read and write
45B1000
heap
page read and write
4E60000
direct allocation
page execute and read and write
41AE000
stack
page read and write
6CC00000
unkown
page read and write
4B90000
direct allocation
page execute and read and write
4831000
heap
page read and write
8B0000
direct allocation
page read and write
31AF000
stack
page read and write
1D4DC000
heap
page read and write
45B1000
heap
page read and write
1D4C5000
heap
page read and write
4A2F000
stack
page read and write
1D4D2000
heap
page read and write
422F000
stack
page read and write
45B1000
heap
page read and write
446F000
stack
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
6CA20000
unkown
page readonly
45B1000
heap
page read and write
45B1000
heap
page read and write
3AA000
stack
page read and write
2DEF000
stack
page read and write
6D4000
heap
page read and write
4BE0000
direct allocation
page execute and read and write
1116000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
1D4AB000
heap
page read and write
406E000
stack
page read and write
1D4D7000
heap
page read and write
2D50000
direct allocation
page read and write
45B1000
heap
page read and write
23733000
heap
page read and write
1D4DB000
heap
page read and write
1113000
heap
page read and write
5F9E000
stack
page read and write
4831000
heap
page read and write
45B1000
heap
page read and write
F14000
heap
page read and write
5440000
direct allocation
page execute and read and write
F14000
heap
page read and write
109A000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
1D2EC000
stack
page read and write
F14000
heap
page read and write
6D4000
heap
page read and write
AC9000
unkown
page write copy
6D4000
heap
page read and write
4831000
heap
page read and write
46AE000
stack
page read and write
1BC000
unkown
page execute and read and write
49B1000
heap
page read and write
4EBF000
stack
page read and write
45AF000
stack
page read and write
48AE000
stack
page read and write
4831000
heap
page read and write
8B0000
direct allocation
page read and write
F14000
heap
page read and write
1A5000
unkown
page execute and read and write
A50000
direct allocation
page read and write
332E000
stack
page read and write
36EE000
stack
page read and write
2A6E000
stack
page read and write
1D4E0000
heap
page read and write
6D4000
heap
page read and write
8B0000
direct allocation
page read and write
4831000
heap
page read and write
34AE000
stack
page read and write
2AEE000
stack
page read and write
6D4000
heap
page read and write
49B1000
heap
page read and write
F31000
unkown
page execute and read and write
4831000
heap
page read and write
3E6F000
stack
page read and write
6D4000
heap
page read and write
1D4B7000
heap
page read and write
45B1000
heap
page read and write
F30000
heap
page read and write
2D60000
heap
page read and write
1D4C4000
heap
page read and write
49B1000
heap
page read and write
4C5000
unkown
page execute and read and write
332F000
stack
page read and write
993000
heap
page read and write
15CE000
stack
page read and write
6D4000
heap
page read and write
996000
heap
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
31EE000
stack
page read and write
6D4000
heap
page read and write
5EE000
stack
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
6D5000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
10DF000
heap
page read and write
6D4000
heap
page read and write
F14000
heap
page read and write
1D492000
heap
page read and write
F14000
heap
page read and write
1D4C5000
heap
page read and write
236C7000
heap
page read and write
663E000
stack
page read and write
1D4BC000
heap
page read and write
1610000
direct allocation
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
236E1000
heap
page read and write
4E8C000
stack
page read and write
28EF000
stack
page read and write
5000000
direct allocation
page execute and read and write
45B1000
heap
page read and write
23978000
heap
page read and write
1D4C5000
heap
page read and write
376F000
stack
page read and write
5400000
direct allocation
page execute and read and write
2B6D000
heap
page read and write
5E4000
unkown
page execute and write copy
C60000
unkown
page execute and read and write
45B1000
heap
page read and write
F14000
heap
page read and write
49B1000
heap
page read and write
4E90000
direct allocation
page execute and read and write
4E20000
direct allocation
page execute and read and write
3A6F000
stack
page read and write
A50000
direct allocation
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
1CF1F000
stack
page read and write
49B1000
heap
page read and write
382E000
stack
page read and write
4831000
heap
page read and write
49B1000
heap
page read and write
64FB000
stack
page read and write
1D545000
heap
page read and write
336E000
stack
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
738C000
stack
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
1D4BC000
heap
page read and write
23752000
heap
page read and write
49B1000
heap
page read and write
6D4000
heap
page read and write
F14000
heap
page read and write
4831000
heap
page read and write
5E3000
unkown
page execute and read and write
45B1000
heap
page read and write
53F0000
direct allocation
page execute and read and write
1610000
direct allocation
page read and write
1D4C5000
heap
page read and write
1D4D2000
heap
page read and write
4A6E000
stack
page read and write
1D4A1000
heap
page read and write
6D4000
heap
page read and write
ADB000
unkown
page execute and read and write
1D4D4000
heap
page read and write
36EE000
stack
page read and write
1D4DD000
heap
page read and write
45B1000
heap
page read and write
4E76000
direct allocation
page read and write
A50000
direct allocation
page read and write
A50000
direct allocation
page read and write
51C000
stack
page read and write
ACB000
unkown
page execute and read and write
6D4000
heap
page read and write
673F000
stack
page read and write
362F000
stack
page read and write
F14000
heap
page read and write
3BEE000
stack
page read and write
4E40000
direct allocation
page read and write
45B1000
heap
page read and write
1D4BD000
heap
page read and write
236CF000
heap
page read and write
A61000
unkown
page execute and write copy
45B1000
heap
page read and write
45B1000
heap
page read and write
68E000
stack
page read and write
32EF000
stack
page read and write
A70000
unkown
page readonly
332E000
stack
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
1CE1E000
stack
page read and write
1D4BD000
heap
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
4B90000
direct allocation
page execute and read and write
6D4000
heap
page read and write
4BF0000
direct allocation
page execute and read and write
F14000
heap
page read and write
F14000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
45B1000
heap
page read and write
2A5D1000
heap
page read and write
A50000
direct allocation
page read and write
2D67000
heap
page read and write
49C2000
heap
page read and write
257000
unkown
page execute and read and write
F14000
heap
page read and write
486F000
stack
page read and write
A71000
unkown
page execute and write copy
AC9000
unkown
page write copy
45B1000
heap
page read and write
6D5000
heap
page read and write
23760000
trusted library allocation
page read and write
2F6F000
stack
page read and write
8B0000
direct allocation
page read and write
3D2F000
stack
page read and write
4831000
heap
page read and write
510F000
stack
page read and write
6CBBF000
unkown
page readonly
1D4BA000
heap
page read and write
6D4000
heap
page read and write
45B2000
heap
page read and write
1610000
direct allocation
page read and write
356F000
stack
page read and write
D78000
unkown
page execute and read and write
6D4000
heap
page read and write
1D4D2000
heap
page read and write
45B1000
heap
page read and write
6D4000
heap
page read and write
F14000
heap
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
4831000
heap
page read and write
1D4E0000
heap
page read and write
45B1000
heap
page read and write
1D4B3000
heap
page read and write
45AF000
stack
page read and write
7391000
heap
page read and write
F14000
heap
page read and write
49B1000
heap
page read and write
237DE000
stack
page read and write
162A000
heap
page read and write
4BA0000
direct allocation
page execute and read and write
392F000
stack
page read and write
23724000
heap
page read and write
6D5000
heap
page read and write
316F000
stack
page read and write
73340000
unkown
page readonly
3EEF000
stack
page read and write
6D4000
heap
page read and write
1CCDE000
stack
page read and write
4831000
heap
page read and write
6D4000
heap
page read and write
995000
heap
page read and write
6D4000
heap
page read and write
2BAE000
stack
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
162E000
heap
page read and write
A61000
unkown
page execute and write copy
3D2E000
stack
page read and write
4CEC000
stack
page read and write
1D4C5000
heap
page read and write
6D4000
heap
page read and write
306F000
stack
page read and write
4BB0000
direct allocation
page execute and read and write
F14000
heap
page read and write
3E2F000
stack
page read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
30EE000
stack
page read and write
5420000
direct allocation
page execute and read and write
45B1000
heap
page read and write
45B1000
heap
page read and write
4E10000
direct allocation
page execute and read and write
2D50000
direct allocation
page read and write
6D4000
heap
page read and write
6D4000
heap
page read and write
2CBF000
stack
page read and write
A40000
heap
page read and write
1D4E0000
heap
page read and write
4A10000
heap
page read and write
4C00000
direct allocation
page execute and read and write
27EE000
stack
page read and write
45B1000
heap
page read and write
396E000
stack
page read and write
1610000
direct allocation
page read and write
45B1000
heap
page read and write
38EE000
stack
page read and write
23980000
heap
page read and write
4831000
heap
page read and write
2D50000
direct allocation
page read and write
There are 1263 hidden memdumps, click here to show them.