IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsKJECFHCBKK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\BGIIDAEBGCAAECAKFHII
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\BKECFIIE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\EGIIJDHCGCBKECBFIJKKFCBKEG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GCGCFCBAKKFBFIECAEBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\IDGHDGIDAKEBAAKFCGHCBAKJDA
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KKEHIEBK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KKJKFBKKECFHJKEBKEHI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fde0e4bc1c.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5b8a055d-527e-48bd-a9c8-da2523f5022d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\623c7982-e609-4620-a03b-ec478cdfef44.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\995ed4a9-bdde-49ea-a20c-5601db86e4fe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\f018612c-4d4b-40e5-bab6-335f6e767f9c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673321CF-1FC4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\051b0893-5160-4af3-9ce2-28426d77029c.tmp
Unicode text, UTF-8 text, with very long lines (17483), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\09aea466-8964-43eb-aa84-ee6f008badea.tmp
Unicode text, UTF-8 text, with very long lines (17274), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2ab6b2df-25d1-4c48-ba6b-418a7841ae9b.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4857aa0d-8cb9-48a6-bed3-9c4d79e7c52c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4d47673f-8d27-43da-80f8-adfecc159c04.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\590d4637-b2bb-4092-ae8a-256e85ca46f6.tmp
Unicode text, UTF-8 text, with very long lines (17439), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6e854ed9-70ad-44ba-843f-b478921c0d76.tmp
Unicode text, UTF-8 text, with very long lines (16681), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\78cf8430-c6b8-4089-bf4d-da5a28aa2403.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\92a18e32-b9b0-40db-a39d-90019b06eebd.tmp
Unicode text, UTF-8 text, with very long lines (17439), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.ldb
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000004.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF65aa5.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\17730185-b34e-48b8-a451-0312dfa844c0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1868c053-d12e-472d-9044-9c6a2ab4a445.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3eb12d48-fce6-4886-a307-76ce5692353f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\48917747-4b68-4a28-ac2f-000afb01ac7b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\99a31a8f-0e98-43c5-84fd-23bce2bf7c7b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4a2c4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF71d98.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 10, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3925e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3a5a7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\baede17a-6a8d-4ff8-90cd-b98c9bcc0343.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e9c921a0-ecb7-4706-a03e-70f5242e8462.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3d562.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40fea.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43c4a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF49799.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF585a2.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF841e4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3d572.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF40b56.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF41181.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375877842109657
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\68341be6-6a2b-41fc-b906-13538da71901.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3a5c6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a97832c0-51d9-4d4c-bd33-c7586710d58d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b9abcfc1-e718-407e-b8bd-9f5d963f98f6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c32461aa-9add-4bfd-b3ba-003f9304c677.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c1fd0282-92de-48e7-97d1-68ce80ce392d.tmp
Unicode text, UTF-8 text, with very long lines (17531), with no line terminators
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c39b5b7a-ab0b-4480-b1cd-c86ace992c0e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\de0a63f1-62c0-4e64-8231-88355a865967.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f0631e90-80e7-44fd-b8d7-a23b61b1d642.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF383e7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF383f6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38696.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ad68.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3e456.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4971c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4f72d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a0bb09e4-324f-436c-b0e7-e26003fb3053.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\abe4562d-8254-491c-8c5c-bf047505af6a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b026a0a1-067e-4af0-9c87-4b1debae595a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c59b937e-1068-43da-a816-592ce2dfd239.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e3093ebd-6d80-4f0d-ae27-4a2c448a9aeb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\0c25d27c-4873-454e-adc2-9dc0f4387be9.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\11da1df9-df9c-42ab-920b-80bbcdda525b.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\138a3bdc-15ee-4e92-9457-739e2ac8e751.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\2cc781bc-ffc3-49ce-979f-06c2c044ec1a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\486b189b-c117-426c-9f35-3262d50b4545.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\6b45466e-55a0-455b-a8b1-cc19f661e26d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\86a6a60e-a78b-488a-8d13-d90bb347149d.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1367996613\11da1df9-df9c-42ab-920b-80bbcdda525b.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1367996613\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1367996613\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1367996613\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1367996613\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\6b45466e-55a0-455b-a8b1-cc19f661e26d.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3700)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8132_1604107793\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3705)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 458
ASCII text, with very long lines (5138)
downloaded
Chrome Cache Entry: 459
ASCII text
downloaded
Chrome Cache Entry: 460
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 461
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 462
ASCII text, with very long lines (1302)
downloaded
Chrome Cache Entry: 463
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 464
SVG Scalable Vector Graphics image
downloaded
There are 301 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2212,i,7968163992587287453,17615020067299971596,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2132,i,10544505411866981642,738712716715978789,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7048 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7188 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6624 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6624 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:8
malicious
C:\Users\user\DocumentsKJECFHCBKK.exe
"C:\Users\user\DocumentsKJECFHCBKK.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Users\user\AppData\Local\Temp\1005725001\8a46fa4b5e.exe
"C:\Users\user\AppData\Local\Temp\1005725001\8a46fa4b5e.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7172 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\1005727001\fde0e4bc1c.exe
"C:\Users\user\AppData\Local\Temp\1005727001\fde0e4bc1c.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005725001\8a46fa4b5e.exe
"C:\Users\user\AppData\Local\Temp\1005725001\8a46fa4b5e.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005727001\fde0e4bc1c.exe
"C:\Users\user\AppData\Local\Temp\1005727001\fde0e4bc1c.exe"
malicious
C:\Users\user\AppData\Local\Temp\1005727001\fde0e4bc1c.exe
"C:\Users\user\AppData\Local\Temp\1005727001\fde0e4bc1c.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6604 --field-trial-handle=2536,i,4610100541938164745,4324422635635765773,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKJECFHCBKK.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 15 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://edgeassetservice.azure
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dllF
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllH
unknown
https://ntp.msn.cn/edge/ntp
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll.
unknown
http://185.215.113.43/Zu7JuNko/index.phpncoded
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731404254772&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.225
https://sb.scorecardresearch.com/
unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
unknown
http://185.215.113.43/Zu7JuNko/index.php38c2817dba29a4b5b25dcf0
unknown
https://docs.google.com/
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://mail.google.com
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
http://185.215.113.206Q
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731404255471&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.225
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
http://185.215.113.43/Zu7JuNko/index.php727001
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dllIj
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1731404254776&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.225
http://185.215.113.43/Zu7JuNko/index.phpcoded
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.185.196
https://sb.scorecardresearch.com/b?rn=1731404251590&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=34DD94F9EF376C2E059581CCEEC66D3A&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
3.170.115.57
http://185.215.113.206/c4becf79229cb002.php/pwL
unknown
https://unitedstates4.ss.wd.microsoft.us/
unknown
http://185.215.113.2067
unknown
185.215.113.206/c4becf79229cb002.php
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://drive-daily-4.corp.google.com/
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://185.215.113.206/c4becf79229cb002.php/
unknown
http://185.215.113.43/Zu7JuNko/index.phpy1mb3JtLXVybGVuY29kZWQ=
unknown
https://assets.msn.com
unknown
http://185.215.113.206/c4becf79229cb002.php.
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206/c4becf79229cb002.php2
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
https://plus.google.com
unknown
http://185.215.113.16/steam/random.exe1395d7f
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
104.93.21.25
https://www.google.com/chrome
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
http://185.215.113.43/Zu7JuNko/index.php725001
unknown
http://185.215.113.43/Zu7JuNko/index.php38c2817dba29a4b5b25dcf0l
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
http://185.215.113.43/Zu7JuNko/index.phpded
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://c.msn.com/c.gif?rnd=1731404251589&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a019179ec43e4776a80ea6b80a7b119a&activityId=a019179ec43e4776a80ea6b80a7b119a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=22CC02CED9344791A56F8517134BB5F7&MUID=34DD94F9EF376C2E059581CCEEC66D3A
20.125.209.212
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
http://185.215.113.206/c4becf79229cb002.phpM
unknown
https://chrome.google.com/webstore/
unknown
http://185.215.113.206/c4becf79229cb002.phpN
unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dllJ
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx
142.250.184.225
https://assets.msn.cn/resolver/
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
https://c.msn.com/c.gif?rnd=1731404251589&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=a019179ec43e4776a80ea6b80a7b119a&activityId=a019179ec43e4776a80ea6b80a7b119a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
20.125.209.212
https://clients6.google.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNs
unknown
http://185.215.113.43/Zu7JuNko/index.phpncodedE
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
http://185.215.113.43/Zu7JuNko/index.phpY
unknown
http://185.215.113.43/Zu7JuNko/index.phpZ
unknown
http://185.215.113.206/c4becf79229cb002.php/j
unknown
http://185.215.113.206/c4becf79229cb002.phpf
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
http://185.215.113.206/c4becf79229cb002.phpi
unknown
https://web.skype.com/?
unknown
http://185.215.113.43/Zu7JuNko/index.phpI
unknown
http://185.215.113.43/Zu7JuNko/index.phpncoded8
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
http://185.215.113.43/Zu7JuNko/index.phpH
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
mira-tmc.tm-4.office.com
52.123.243.216
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.185.174
play.google.com
142.250.185.174
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.244.18.27
s-part-0017.t-0009.t-msedge.net
13.107.246.45
www.google.com
142.250.185.196
googlehosted.l.googleusercontent.com
142.250.184.225
sni1gl.wpc.nucdn.net
152.199.21.175
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 7 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.45
s-part-0017.t-0009.t-msedge.net
United States
20.125.209.212
unknown
United States
162.159.61.3
unknown
United States
142.250.184.225
googlehosted.l.googleusercontent.com
United States
23.218.232.182
unknown
United States
23.221.22.207
unknown
United States
104.93.21.25
unknown
United States
52.123.243.216
mira-tmc.tm-4.office.com
United States
239.255.255.250
unknown
Reserved
142.250.185.196
www.google.com
United States
20.75.60.91
unknown
United States
23.47.50.145
unknown
United States
127.0.0.1
unknown
unknown
23.198.7.187
unknown
United States
192.168.2.16
unknown
unknown
18.244.18.27
sb.scorecardresearch.com
United States
23.198.7.180
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
3.170.115.57
unknown
United States
13.107.246.57
unknown
United States
23.198.7.177
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
104.46.162.225
unknown
United States
There are 18 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
8a46fa4b5e.exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fde0e4bc1c.exe
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
DisableNotifications
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
AUOptions
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoRebootWithLoggedOnUsers
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
UseWUServer
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DoNotConnectToWindowsUpdateInternetLocations
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197660
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197660
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197660
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197660
WindowTabManagerFileMappingId
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
TamperProtection
There are 156 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
281000
unkown
page execute and read and write
 malicious
1B4B000
heap
page read and write
 malicious
191000
unkown
page execute and read and write
 malicious
191000
unkown
page execute and read and write
 malicious
AA1000
unkown
page execute and read and write
 malicious
F11000
unkown
page execute and read and write
 malicious
F11000
unkown
page execute and read and write
 malicious
BDE000
heap
page read and write
 malicious
5160000
direct allocation
page read and write
 malicious
5860000
direct allocation
page read and write
 malicious
4B70000
direct allocation
page read and write
 malicious
191000
unkown
page execute and read and write
 malicious
7CE000
heap
page read and write
 malicious
6CD45000
unkown
page readonly
D36000
heap
page read and write
A8E000
stack
page read and write
AA0000
heap
page read and write
53D1000
heap
page read and write
4CB0000
heap
page read and write
1404000
heap
page read and write
D4D000
heap
page read and write
4CC0000
direct allocation
page read and write
4D11000
heap
page read and write
19A4000
heap
page read and write
D34000
heap
page read and write
52D0000
direct allocation
page execute and read and write
D34000
heap
page read and write
61EB4000
direct allocation
page read and write
30CE000
stack
page read and write
381000
unkown
page execute and read and write
A3E000
stack
page read and write
2460000
direct allocation
page read and write
119A000
heap
page read and write
53D1000
heap
page read and write
1D1B7000
heap
page read and write
432F000
stack
page read and write
43AE000
stack
page read and write
D34000
heap
page read and write
53D1000
heap
page read and write
1404000
heap
page read and write
45B1000
heap
page read and write
1404000
heap
page read and write
B24000
heap
page read and write
435F000
stack
page read and write
46F1000
heap
page read and write
266D000
stack
page read and write
F9E000
unkown
page execute and read and write
53D1000
heap
page read and write
2BA7000
heap
page read and write
356F000
stack
page read and write
3B8F000
stack
page read and write
7E4000
heap
page read and write
6CB61000
unkown
page execute read
B24000
heap
page read and write
6CB60000
unkown
page readonly
52E0000
direct allocation
page execute and read and write
3FBE000
stack
page read and write
B6B000
unkown
page execute and write copy
4D11000
heap
page read and write
C1F000
unkown
page execute and read and write
3ACE000
stack
page read and write
53D0000
heap
page read and write
D36000
heap
page read and write
45A0000
direct allocation
page read and write
1404000
heap
page read and write
472F000
stack
page read and write
4AF1000
heap
page read and write
1D1D9000
heap
page read and write
4BF1000
heap
page read and write
397E000
stack
page read and write
3FD000
unkown
page execute and read and write
2460000
direct allocation
page read and write
2470000
heap
page read and write
C02000
unkown
page execute and read and write
4D11000
heap
page read and write
434F000
stack
page read and write
D34000
heap
page read and write
45A0000
direct allocation
page read and write
4CE1000
heap
page read and write
B7C000
unkown
page execute and write copy
53D1000
heap
page read and write
2A5F000
stack
page read and write
C28000
unkown
page execute and write copy
19A4000
heap
page read and write
4E20000
direct allocation
page read and write
15F9000
heap
page read and write
B24000
heap
page read and write
4CE1000
heap
page read and write
3D6E000
stack
page read and write
B9E000
unkown
page execute and write copy
5C5D000
stack
page read and write
138F000
stack
page read and write
2DFF000
stack
page read and write
4CE1000
heap
page read and write
4CE1000
heap
page read and write
3FDE000
stack
page read and write
4EA7000
trusted library allocation
page execute and read and write
15F8000
heap
page read and write
3C2E000
stack
page read and write
53D1000
heap
page read and write
40A000
unkown
page execute and read and write
49C0000
direct allocation
page execute and read and write
B24000
heap
page read and write
EE0000
heap
page read and write
354F000
stack
page read and write
399E000
stack
page read and write
15F8000
heap
page read and write
4CE1000
heap
page read and write
19A4000
heap
page read and write
1D1B6000
heap
page read and write
42F000
unkown
page execute and read and write
45B1000
heap
page read and write
7C0000
heap
page read and write
278E000
stack
page read and write
2F60000
direct allocation
page read and write
19A4000
heap
page read and write
359F000
stack
page read and write
46F1000
heap
page read and write
C27000
unkown
page execute and read and write
4D11000
heap
page read and write
C7E000
stack
page read and write
4950000
direct allocation
page execute and read and write
F5D000
unkown
page execute and read and write
BCB000
unkown
page execute and read and write
5EAE000
stack
page read and write
1055000
heap
page read and write
1B9D000
heap
page read and write
37CF000
stack
page read and write
B24000
heap
page read and write
C20000
unkown
page execute and write copy
481E000
stack
page read and write
4CE1000
heap
page read and write
11D0000
direct allocation
page read and write
B24000
heap
page read and write
4D11000
heap
page read and write
4EA0000
heap
page read and write
B24000
heap
page read and write
4CC0000
direct allocation
page read and write
2460000
direct allocation
page read and write
4DAE000
stack
page read and write
D21000
heap
page read and write
7E4000
heap
page read and write
36B000
unkown
page execute and read and write
19A4000
heap
page read and write
6CAC1000
unkown
page execute read
B24000
heap
page read and write
7B0000
direct allocation
page read and write
1404000
heap
page read and write
257E000
stack
page read and write
6B0000
heap
page read and write
7E4000
heap
page read and write
3AAF000
stack
page read and write
49E0000
direct allocation
page execute and read and write
5AD000
unkown
page execute and read and write
4BE0000
direct allocation
page read and write
9B0000
heap
page read and write
44A000
unkown
page execute and read and write
1D2B0000
trusted library allocation
page read and write
4FA000
unkown
page execute and read and write
52A000
unkown
page execute and read and write
46F1000
heap
page read and write
D34000
heap
page read and write
C1F000
unkown
page execute and read and write
4CE0000
heap
page read and write
3E8E000
stack
page read and write
B24000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
B24000
heap
page read and write
426E000
stack
page read and write
30DE000
stack
page read and write
5D0000
heap
page read and write
F47000
unkown
page execute and read and write
4D11000
heap
page read and write
6B4000
heap
page read and write
18F5000
stack
page read and write
40AF000
stack
page read and write
D34000
heap
page read and write
2F6E000
stack
page read and write
4C10000
direct allocation
page execute and read and write
4371000
heap
page read and write
448000
unkown
page execute and write copy
B24000
heap
page read and write
D34000
heap
page read and write
4B2E000
stack
page read and write
94E000
stack
page read and write
538000
unkown
page execute and write copy
4BF5000
heap
page read and write
2E2000
unkown
page execute and read and write
4BF1000
heap
page read and write
4980000
direct allocation
page execute and read and write
763E000
stack
page read and write
53C0000
direct allocation
page read and write
433F000
stack
page read and write
45C0000
heap
page read and write
2F60000
direct allocation
page read and write
408F000
stack
page read and write
4D11000
heap
page read and write
4A7000
unkown
page execute and write copy
1404000
heap
page read and write
61ECC000
direct allocation
page read and write
2F60000
direct allocation
page read and write
595000
unkown
page execute and write copy
4AC000
unkown
page execute and write copy
53D1000
heap
page read and write
4371000
heap
page read and write
19A4000
heap
page read and write
D34000
heap
page read and write
B24000
heap
page read and write
41F000
unkown
page execute and write copy
589E000
stack
page read and write
B24000
heap
page read and write
3CAE000
stack
page read and write
4C84000
trusted library allocation
page read and write
13F5000
unkown
page execute and read and write
C23000
unkown
page execute and write copy
B25000
heap
page read and write
CC0000
heap
page read and write
960000
heap
page read and write
59DF000
stack
page read and write
19A4000
heap
page read and write
1D1A4000
heap
page read and write
8FD000
stack
page read and write
46F1000
heap
page read and write
B24000
heap
page read and write
2367C000
heap
page read and write
F11000
unkown
page execute and write copy
4C60000
direct allocation
page execute and read and write
4CD0000
heap
page read and write
4D11000
heap
page read and write
4A40000
direct allocation
page read and write
453000
unkown
page execute and write copy
342F000
stack
page read and write
385E000
stack
page read and write
3AEE000
stack
page read and write
4371000
heap
page read and write
4D11000
heap
page read and write
1400000
heap
page read and write
43A000
unkown
page execute and read and write
436E000
stack
page read and write
B24000
heap
page read and write
4361000
heap
page read and write
4360000
direct allocation
page read and write
4CC0000
direct allocation
page read and write
7E4000
heap
page read and write
4D30000
heap
page read and write
812000
heap
page read and write
1FB000
unkown
page execute and write copy
4A7000
unkown
page execute and write copy
4C6E000
stack
page read and write
2F2F000
stack
page read and write
4CE1000
heap
page read and write
B24000
heap
page read and write
4E90000
trusted library allocation
page read and write
1D1B4000
heap
page read and write
B24000
heap
page read and write
D47000
heap
page read and write
C15000
unkown
page execute and write copy
30E0000
direct allocation
page read and write
4CE1000
heap
page read and write
4D20000
heap
page read and write
9FC000
stack
page read and write
425E000
stack
page read and write
53D1000
heap
page read and write
4F5000
unkown
page execute and write copy
B24000
heap
page read and write
4BF0000
heap
page read and write
6360000
heap
page read and write
D34000
heap
page read and write
53D1000
heap
page read and write
7B0000
direct allocation
page read and write
B24000
heap
page read and write
4CE1000
heap
page read and write
729E000
stack
page read and write
11BE000
stack
page read and write
19A4000
heap
page read and write
1D1C1000
heap
page read and write
2A3F000
stack
page read and write
C1E000
unkown
page execute and write copy
B24000
heap
page read and write
293E000
stack
page read and write
4F10000
heap
page read and write
4D11000
heap
page read and write
1D1C1000
heap
page read and write
41CF000
stack
page read and write
B24000
heap
page read and write
4CAF000
stack
page read and write
B9E000
unkown
page execute and write copy
4970000
direct allocation
page execute and read and write
9F6000
unkown
page write copy
B24000
heap
page read and write
3F8E000
stack
page read and write
3F7F000
stack
page read and write
358E000
stack
page read and write
454000
unkown
page execute and read and write
3A8E000
stack
page read and write
190000
unkown
page readonly
B24000
heap
page read and write
380F000
stack
page read and write
45B1000
heap
page read and write
4BCF000
stack
page read and write
4CC0000
direct allocation
page read and write
CA8000
unkown
page execute and read and write
3FAE000
stack
page read and write
4D11000
heap
page read and write
D34000
heap
page read and write
23281000
heap
page read and write
D34000
heap
page read and write
235DF000
stack
page read and write
471000
unkown
page execute and read and write
19A4000
heap
page read and write
6B4000
heap
page read and write
1D1C0000
heap
page read and write
140B000
unkown
page execute and read and write
4CE0000
heap
page read and write
1F9000
unkown
page write copy
D40000
heap
page read and write
CD1000
heap
page read and write
501E000
stack
page read and write
B24000
heap
page read and write
D34000
heap
page read and write
15A0000
direct allocation
page read and write
C1F000
heap
page read and write
F10000
unkown
page readonly
4CE1000
heap
page read and write
1F9000
unkown
page write copy
321E000
stack
page read and write
6B4000
heap
page read and write
46F1000
heap
page read and write
1B3E000
stack
page read and write
4AC000
unkown
page execute and read and write
543000
unkown
page execute and write copy
8343000
heap
page read and write
418000
unkown
page execute and read and write
79C000
stack
page read and write
3E7000
unkown
page execute and write copy
C30000
unkown
page execute and read and write
190000
unkown
page read and write
B95000
heap
page read and write
4D11000
heap
page read and write
4BD0000
direct allocation
page execute and read and write
1404000
heap
page read and write
513C000
stack
page read and write
11D0000
direct allocation
page read and write
4EAF000
stack
page read and write
376F000
stack
page read and write
B7F000
unkown
page execute and read and write
B24000
heap
page read and write
1D1B1000
heap
page read and write
396E000
stack
page read and write
41F000
unkown
page execute and write copy
CC4000
heap
page read and write
4CE1000
heap
page read and write
D40000
heap
page read and write
3E7000
unkown
page execute and write copy
4BE000
unkown
page execute and write copy
B9C000
unkown
page execute and write copy
47DF000
stack
page read and write
190000
unkown
page readonly
4D11000
heap
page read and write
B24000
heap
page read and write
53C0000
direct allocation
page read and write
40CF000
stack
page read and write
C99000
unkown
page execute and write copy
61ED3000
direct allocation
page read and write
37EF000
stack
page read and write
59D0000
direct allocation
page execute and read and write
2F60000
direct allocation
page read and write
B24000
heap
page read and write
FED000
stack
page read and write
379F000
stack
page read and write
2A2CC000
stack
page read and write
15B1000
unkown
page execute and read and write
C7F000
stack
page read and write
6B4000
heap
page read and write
19A4000
heap
page read and write
4980000
direct allocation
page execute and read and write
19A4000
heap
page read and write
42C000
unkown
page execute and write copy
F9B000
unkown
page execute and write copy
30BE000
stack
page read and write
5AE000
unkown
page execute and write copy
1D1B5000
heap
page read and write
1F2000
unkown
page execute and write copy
4CE1000
heap
page read and write
19A4000
heap
page read and write
6B4000
heap
page read and write
4D11000
heap
page read and write
46F1000
heap
page read and write
F9B000
unkown
page execute and read and write
422000
unkown
page execute and read and write
4D11000
heap
page read and write
1215000
heap
page read and write
27CE000
stack
page read and write
10FE000
stack
page read and write
D9E000
stack
page read and write
3EEF000
stack
page read and write
3D2E000
stack
page read and write
3E5F000
stack
page read and write
4D11000
heap
page read and write
431E000
stack
page read and write
B24000
heap
page read and write
6285000
trusted library allocation
page read and write
D34000
heap
page read and write
599F000
stack
page read and write
162C000
heap
page read and write
4CF0000
trusted library allocation
page read and write
5261000
trusted library allocation
page read and write
698E000
heap
page read and write
45B1000
heap
page read and write
412E000
stack
page read and write
2E2E000
stack
page read and write
D34000
heap
page read and write
454000
unkown
page execute and read and write
1404000
heap
page read and write
11EB000
heap
page read and write
295E000
stack
page read and write
3E2F000
stack
page read and write
99E000
stack
page read and write
93E000
stack
page read and write
19A4000
heap
page read and write
19A4000
heap
page read and write
1F9000
unkown
page write copy
3C9F000
stack
page read and write
9BF000
stack
page read and write
4BA0000
direct allocation
page execute and read and write
C1E000
unkown
page execute and write copy
15F5000
heap
page read and write
4E84000
trusted library allocation
page read and write
3ABE000
stack
page read and write
19A4000
heap
page read and write
B24000
heap
page read and write
C80000
heap
page read and write
512F000
stack
page read and write
3BEF000
stack
page read and write
53D1000
heap
page read and write
B24000
heap
page read and write
15A0000
direct allocation
page read and write
4B00000
heap
page read and write
1404000
heap
page read and write
D25000
heap
page read and write
26DE000
stack
page read and write
1D1C1000
heap
page read and write
4D6F000
stack
page read and write
45A0000
direct allocation
page read and write
19A4000
heap
page read and write
486F000
stack
page read and write
53D1000
heap
page read and write
3CEF000
stack
page read and write
1F9000
unkown
page write copy
45AF000
stack
page read and write
2BAE000
stack
page read and write
BF5000
unkown
page execute and read and write
D34000
heap
page read and write
4D11000
heap
page read and write
44A000
unkown
page execute and read and write
B24000
heap
page read and write
19A4000
heap
page read and write
498000
unkown
page execute and write copy
AD7000
unkown
page execute and read and write
B24000
heap
page read and write
40EE000
stack
page read and write
1D1BD000
heap
page read and write
52F0000
direct allocation
page execute and read and write
45B000
unkown
page execute and read and write
538000
stack
page read and write
11D0000
direct allocation
page read and write
B24000
heap
page read and write
16FF000
stack
page read and write
483E000
stack
page read and write
51F000
unkown
page execute and read and write
740000
heap
page read and write
46F1000
heap
page read and write
B24000
heap
page read and write
B9C000
unkown
page execute and write copy
6B4000
heap
page read and write
405F000
stack
page read and write
B9D000
unkown
page execute and read and write
721D000
stack
page read and write
326F000
stack
page read and write
23314000
heap
page read and write
308E000
stack
page read and write
4ED0000
direct allocation
page execute and read and write
1D1B3000
heap
page read and write
1D1C1000
heap
page read and write
C43000
unkown
page execute and read and write
C17000
unkown
page execute and read and write
1D1C1000
heap
page read and write
19A4000
heap
page read and write
43A000
unkown
page execute and read and write
40EF000
stack
page read and write
9F2000
unkown
page execute and read and write
477000
unkown
page execute and read and write
15F6000
heap
page read and write
329F000
stack
page read and write
B24000
heap
page read and write
7F9E000
stack
page read and write
49B0000
direct allocation
page execute and read and write
4ED000
unkown
page execute and read and write
4D11000
heap
page read and write
19A5000
heap
page read and write
822C000
stack
page read and write
53C0000
direct allocation
page read and write
1D1D7000
heap
page read and write
4CE0000
direct allocation
page execute and read and write
166F000
heap
page read and write
B60000
heap
page read and write
4D11000
heap
page read and write
19A4000
heap
page read and write
B24000
heap
page read and write
4980000
direct allocation
page execute and read and write
4AF0000
heap
page read and write
1404000
heap
page read and write
72DE000
stack
page read and write
15B1000
unkown
page execute and read and write
4D11000
heap
page read and write
BA0000
unkown
page execute and write copy
15A0000
direct allocation
page read and write
BFD000
unkown
page execute and write copy
3E3F000
stack
page read and write
1404000
heap
page read and write
B24000
heap
page read and write
1DCFD000
stack
page read and write
A06000
unkown
page execute and write copy
5AD000
unkown
page execute and write copy
3CCF000
stack
page read and write
1F9000
unkown
page write copy
19A4000
heap
page read and write
3D2000
unkown
page execute and read and write
1250000
heap
page read and write
3FD000
unkown
page execute and read and write
53D1000
heap
page read and write
B20000
heap
page read and write
4980000
direct allocation
page execute and read and write
7B0000
direct allocation
page read and write
44AF000
stack
page read and write
190000
unkown
page readonly
2F80000
direct allocation
page read and write
3A2000
unkown
page execute and read and write
4BE0000
direct allocation
page read and write
D34000
heap
page read and write
516E000
stack
page read and write
F9E000
unkown
page execute and read and write
2B9F000
stack
page read and write
6990000
heap
page read and write
B30000
heap
page read and write
1404000
heap
page read and write
D34000
heap
page read and write
3BCE000
stack
page read and write
4D00000
heap
page read and write
4CE1000
heap
page read and write
3AA000
unkown
page execute and read and write
2BB0000
heap
page read and write
B25000
heap
page read and write
2FCF000
stack
page read and write
39EF000
stack
page read and write
19A4000
heap
page read and write
4BE0000
direct allocation
page read and write
19A4000
heap
page read and write
1D1CC000
heap
page read and write
C30000
unkown
page execute and read and write
4710000
heap
page read and write
D34000
heap
page read and write
2F6E000
stack
page read and write
CA8000
unkown
page execute and write copy
47AF000
stack
page read and write
45A0000
direct allocation
page read and write
4A5000
unkown
page execute and write copy
191000
unkown
page execute and write copy
51CC000
stack
page read and write
1404000
heap
page read and write
4AE000
unkown
page execute and write copy
3D0E000
stack
page read and write
1D1C1000
heap
page read and write
1AFE000
stack
page read and write
396E000
stack
page read and write
BCC000
unkown
page execute and write copy
F10000
unkown
page read and write
1148000
unkown
page execute and read and write
4CE1000
heap
page read and write
C99000
unkown
page execute and write copy
4A5000
unkown
page execute and write copy
4C9A000
trusted library allocation
page execute and read and write
3E8000
unkown
page execute and read and write
36AF000
stack
page read and write
9F2000
unkown
page execute and write copy
2A9E000
stack
page read and write
422E000
stack
page read and write
166C000
heap
page read and write
7E4000
heap
page read and write
19A4000
heap
page read and write
52F0000
direct allocation
page execute and read and write
382E000
stack
page read and write
B24000
heap
page read and write
19A4000
heap
page read and write
5860000
direct allocation
page read and write
4D10000
trusted library allocation
page read and write
23460000
trusted library allocation
page read and write
484F000
stack
page read and write
CBF000
stack
page read and write
6B4000
heap
page read and write
312F000
stack
page read and write
4AC000
unkown
page execute and read and write
4980000
direct allocation
page execute and read and write
2B8E000
stack
page read and write
1404000
heap
page read and write
140B000
unkown
page execute and write copy
C15000
unkown
page execute and write copy
DBE000
stack
page read and write
B24000
heap
page read and write
3BEE000
stack
page read and write
15A0000
direct allocation
page read and write
F47000
unkown
page execute and read and write
DFC000
stack
page read and write
1404000
heap
page read and write
436E000
stack
page read and write
53D1000
heap
page read and write
9CE000
stack
page read and write
4E90000
direct allocation
page execute and read and write
4CE1000
heap
page read and write
1404000
heap
page read and write
561F000
stack
page read and write
2CAF000
stack
page read and write
46DE000
stack
page read and write
494F000
stack
page read and write
D37000
heap
page read and write
19A4000
heap
page read and write
44AE000
stack
page read and write
38C000
unkown
page execute and read and write
7E4000
heap
page read and write
B24000
heap
page read and write
3BBF000
stack
page read and write
1F2000
unkown
page execute and write copy
2F60000
direct allocation
page read and write
393F000
stack
page read and write
B9F000
unkown
page execute and read and write
4BE0000
direct allocation
page read and write
4CE1000
heap
page read and write
4D11000
heap
page read and write
A90000
direct allocation
page read and write
FBF000
unkown
page execute and read and write
C28000
unkown
page execute and write copy
B7B000
unkown
page execute and read and write
1D1B8000
heap
page read and write
4BF2000
heap
page read and write
19A4000
heap
page read and write
4800000
direct allocation
page read and write
7E4000
heap
page read and write
46F1000
heap
page read and write
7E4000
heap
page read and write
2AEF000
stack
page read and write
2CBF000
stack
page read and write
46F1000
heap
page read and write
7E4000
heap
page read and write
4BF0000
direct allocation
page execute and read and write
418000
unkown
page execute and read and write
11D0000
direct allocation
page read and write
B24000
heap
page read and write
3BEE000
stack
page read and write
35BE000
stack
page read and write
3BC000
unkown
page execute and write copy
4360000
direct allocation
page read and write
4D11000
heap
page read and write
1404000
heap
page read and write
352E000
stack
page read and write
3BAF000
stack
page read and write
6B4000
heap
page read and write
140C000
unkown
page execute and write copy
499000
unkown
page execute and write copy
19A4000
heap
page read and write
5030000
trusted library allocation
page read and write
BB7000
unkown
page execute and write copy
53D1000
heap
page read and write
46F1000
heap
page read and write
46EF000
stack
page read and write
4CE1000
heap
page read and write
19A4000
heap
page read and write
36A0000
heap
page read and write
53D1000
heap
page read and write
4980000
direct allocation
page execute and read and write
B24000
heap
page read and write
833D000
heap
page read and write
4CE1000
heap
page read and write
BBA000
unkown
page execute and write copy
45EF000
stack
page read and write
38DF000
stack
page read and write
36FE000
stack
page read and write
3D0E000
stack
page read and write
4BB0000
direct allocation
page execute and read and write
4D11000
heap
page read and write
1CADF000
stack
page read and write
B24000
heap
page read and write
2FEF000
stack
page read and write
3F4F000
stack
page read and write
53D1000
heap
page read and write
4CE1000
heap
page read and write
3D2F000
stack
page read and write
6B4000
heap
page read and write
43A000
unkown
page execute and read and write
470F000
stack
page read and write
19A4000
heap
page read and write
526F000
stack
page read and write
D37000
heap
page read and write
6B4000
heap
page read and write
19A4000
heap
page read and write
2A1CC000
stack
page read and write
5EC5000
heap
page read and write
7B0000
direct allocation
page read and write
4A10000
direct allocation
page execute and read and write
3E7000
unkown
page execute and write copy
6294000
trusted library allocation
page read and write
4ED0000
trusted library allocation
page read and write
79E000
stack
page read and write
B24000
heap
page read and write
7D22000
heap
page read and write
1D1AB000
heap
page read and write
B24000
heap
page read and write
53C0000
direct allocation
page read and write
BB7000
unkown
page execute and write copy
523D000
stack
page read and write
23220000
trusted library allocation
page read and write
89C000
stack
page read and write
105B000
heap
page read and write
4800000
direct allocation
page read and write
2DAF000
stack
page read and write
1D92E000
stack
page read and write
46F1000
heap
page read and write
1D1C1000
heap
page read and write
46F1000
heap
page read and write
36EE000
stack
page read and write
4E04000
heap
page read and write
B9F000
unkown
page execute and read and write
C43000
unkown
page execute and read and write
1D1DC000
heap
page read and write
4D7000
unkown
page execute and write copy
4CE1000
heap
page read and write
36AF000
stack
page read and write
4AE000
unkown
page execute and write copy
1073000
heap
page read and write
C17000
unkown
page execute and read and write
1404000
heap
page read and write
5E1E000
stack
page read and write
49A000
unkown
page execute and read and write
2D1E000
stack
page read and write
B6B000
unkown
page execute and write copy
45CF000
stack
page read and write
399000
unkown
page execute and read and write
1940000
heap
page read and write
D34000
heap
page read and write
551E000
stack
page read and write
3BFE000
stack
page read and write
4D40000
direct allocation
page read and write
46F1000
heap
page read and write
C12000
unkown
page execute and write copy
4D11000
heap
page read and write
B24000
heap
page read and write
46F1000
heap
page read and write
4D00000
direct allocation
page execute and read and write
1404000
heap
page read and write
394F000
stack
page read and write
4BD000
unkown
page execute and write copy
3C8000
unkown
page execute and write copy
31AF000
stack
page read and write
4D11000
heap
page read and write
B24000
heap
page read and write
11D1000
heap
page read and write
281000
unkown
page execute and write copy
4C6E000
stack
page read and write
6A80000
heap
page read and write
B24000
heap
page read and write
3E6E000
stack
page read and write
53D1000
heap
page read and write
1DBA0000
heap
page read and write
1404000
heap
page read and write
469F000
stack
page read and write
4CC0000
direct allocation
page execute and read and write
59C0000
direct allocation
page execute and read and write
61ED0000
direct allocation
page read and write
6B4000
heap
page read and write
7E4000
heap
page read and write
46F1000
heap
page read and write
4A5000
unkown
page execute and write copy
D25000
heap
page read and write
52F0000
direct allocation
page execute and read and write
3FEE000
stack
page read and write
3A9000
unkown
page execute and write copy
BE0000
unkown
page execute and read and write
3AAE000
stack
page read and write
46F1000
heap
page read and write
4590000
heap
page read and write
D34000
heap
page read and write
1404000
heap
page read and write
19A4000
heap
page read and write
53D1000
heap
page read and write
2BDE000
stack
page read and write
4BD000
unkown
page execute and read and write
15FE000
stack
page read and write
121B000
heap
page read and write
4CE1000
heap
page read and write
4CE1000
heap
page read and write
53C0000
direct allocation
page read and write
37CF000
stack
page read and write
2BA0000
heap
page read and write
4A5000
unkown
page execute and write copy
40CE000
stack
page read and write
2F90000
heap
page read and write
31CE000
stack
page read and write
4D11000
heap
page read and write
BB8000
unkown
page execute and read and write
4D11000
heap
page read and write
11CF000
heap
page read and write
19A4000
heap
page read and write
4D11000
heap
page read and write
19A4000
heap
page read and write
45A0000
direct allocation
page read and write
399000
unkown
page execute and read and write
1BA7000
heap
page read and write
A06000
unkown
page execute and write copy
B7C000
unkown
page execute and write copy
7B0000
direct allocation
page read and write
36E000
unkown
page execute and write copy
5291000
trusted library allocation
page read and write
B24000
heap
page read and write
290E000
stack
page read and write
1DD3D000
stack
page read and write
4CD1000
heap
page read and write
59F0000
direct allocation
page execute and read and write
331F000
stack
page read and write
3E8000
unkown
page execute and read and write
B24000
heap
page read and write
B25000
heap
page read and write
439000
unkown
page execute and write copy
4D11000
heap
page read and write
2CAF000
stack
page read and write
6CAC0000
unkown
page readonly
53D1000
heap
page read and write
1D46F000
stack
page read and write
306F000
stack
page read and write
4D11000
heap
page read and write
4D11000
heap
page read and write
4CC0000
trusted library allocation
page read and write
351F000
stack
page read and write
44A000
unkown
page execute and read and write
1D1D0000
heap
page read and write
13CE000
stack
page read and write
46F1000
heap
page read and write
C8E000
heap
page read and write
414000
unkown
page execute and write copy
46F1000
heap
page read and write
6B4000
heap
page read and write
7B0000
direct allocation
page read and write
BDC000
unkown
page execute and write copy
1D1DC000
heap
page read and write
6CB3D000
unkown
page readonly
2DCF000
stack
page read and write
1404000
heap
page read and write
4CE1000
heap
page read and write
D21000
heap
page read and write
4A9E000
stack
page read and write
1D1B5000
heap
page read and write
397000
unkown
page execute and write copy
7B0000
direct allocation
page read and write
4EAB000
trusted library allocation
page execute and read and write
3E4F000
stack
page read and write
3CEF000
stack
page read and write
4340000
heap
page read and write
7E4000
heap
page read and write
508000
unkown
page execute and read and write
6122000
trusted library allocation
page read and write
1F2000
unkown
page execute and read and write
B9F000
unkown
page execute and read and write
4D11000
heap
page read and write
362F000
stack
page read and write
19A4000
heap
page read and write
44AE000
stack
page read and write
3FCE000
stack
page read and write
501E000
stack
page read and write
4BC0000
direct allocation
page execute and read and write
D21000
heap
page read and write
3A8E000
stack
page read and write
4CE1000
heap
page read and write
B24000
heap
page read and write
1D1CF000
stack
page read and write
D34000
heap
page read and write
304F000
stack
page read and write
4BF3000
heap
page read and write
42EE000
stack
page read and write
BCC000
unkown
page execute and write copy
5360000
direct allocation
page execute and read and write
4CC0000
direct allocation
page read and write
2EB000
unkown
page execute and read and write
1DB8F000
stack
page read and write
269F000
stack
page read and write
5A00000
direct allocation
page execute and read and write
3E4E000
stack
page read and write
900000
heap
page read and write
53D1000
heap
page read and write
2A2D0000
heap
page read and write
B24000
heap
page read and write
D62000
heap
page read and write
4960000
direct allocation
page execute and read and write
1D1AB000
heap
page read and write
392F000
stack
page read and write
19A4000
heap
page read and write
CA8000
unkown
page execute and read and write
D34000
heap
page read and write
6292000
trusted library allocation
page read and write
940000
heap
page read and write
53E000
stack
page read and write
23320000
trusted library allocation
page read and write
19A4000
heap
page read and write
309F000
stack
page read and write
476E000
stack
page read and write
7BB000
stack
page read and write
1D1DC000
heap
page read and write
19A4000
heap
page read and write
4CF0000
direct allocation
page execute and read and write
B24000
heap
page read and write
491F000
stack
page read and write
4CE1000
heap
page read and write
2368E000
heap
page read and write
2F1B000
stack
page read and write
2460000
direct allocation
page read and write
4CE1000
heap
page read and write
1D1B9000
heap
page read and write
3E1E000
stack
page read and write
3B2F000
stack
page read and write
BB7000
unkown
page execute and write copy
4CE1000
heap
page read and write
207000
unkown
page execute and write copy
19A4000
heap
page read and write
38C000
unkown
page execute and write copy
38C000
unkown
page execute and write copy
5EC6000
heap
page read and write
4DF000
unkown
page execute and write copy
358E000
stack
page read and write
1D1C0000
heap
page read and write
1B8C000
heap
page read and write
4D11000
heap
page read and write
166C000
heap
page read and write
B24000
heap
page read and write
432F000
stack
page read and write
4D11000
heap
page read and write
3E6F000
stack
page read and write
2F3F000
stack
page read and write
BEE000
unkown
page execute and write copy
502E000
stack
page read and write
19A4000
heap
page read and write
6383000
heap
page read and write
46F1000
heap
page read and write
4D11000
heap
page read and write
1404000
heap
page read and write
4CE1000
heap
page read and write
6264000
trusted library allocation
page read and write
405000
unkown
page execute and write copy
46F1000
heap
page read and write
1D1B9000
heap
page read and write
970000
heap
page read and write
28CF000
stack
page read and write
1D3E000
stack
page read and write
3A8F000
stack
page read and write
D30000
heap
page read and write
4360000
direct allocation
page read and write
53F0000
heap
page read and write
115C000
unkown
page execute and read and write
3A2000
unkown
page execute and read and write
2F60000
direct allocation
page read and write
4E20000
direct allocation
page read and write
B24000
heap
page read and write
357F000
stack
page read and write
1CC5D000
stack
page read and write
B9C000
unkown
page execute and write copy
4BF1000
heap
page read and write
4980000
direct allocation
page execute and read and write
1D1C1000
heap
page read and write
19A4000
heap
page read and write
52CF000
stack
page read and write
3BAF000
stack
page read and write
4D20000
heap
page read and write
1D1DC000
heap
page read and write
335E000
stack
page read and write
49A0000
direct allocation
page execute and read and write
967000
heap
page read and write
5300000
direct allocation
page execute and read and write
74E000
heap
page read and write
B24000
heap
page read and write
430F000
stack
page read and write
46EE000
stack
page read and write
423E000
stack
page read and write
4AF1000
heap
page read and write
4360000
direct allocation
page read and write
6CD3E000
unkown
page read and write
19A4000
heap
page read and write
51C000
unkown
page execute and write copy
A06000
unkown
page execute and write copy
CFA000
heap
page read and write
4A00000
direct allocation
page execute and read and write
4CE1000
heap
page read and write
4BE0000
direct allocation
page read and write
4D0E000
stack
page read and write
3AAE000
stack
page read and write
383E000
stack
page read and write
B24000
heap
page read and write
53D1000
heap
page read and write
4E73000
trusted library allocation
page execute and read and write
47F0000
trusted library allocation
page read and write
46F1000
heap
page read and write
CAA000
unkown
page execute and write copy
397000
unkown
page execute and write copy
6980000
heap
page read and write
4D11000
heap
page read and write
DF0000
heap
page read and write
3A7F000
stack
page read and write
3F5E000
stack
page read and write
190000
unkown
page read and write
37AF000
stack
page read and write
30AE000
stack
page read and write
307F000
stack
page read and write
4360000
direct allocation
page read and write
12E4000
unkown
page execute and read and write
59B0000
direct allocation
page execute and read and write
4BF0000
heap
page read and write
36E000
unkown
page execute and write copy
4AF1000
heap
page read and write
46F1000
heap
page read and write
52C0000
direct allocation
page execute and read and write
2B7F000
stack
page read and write
45A0000
direct allocation
page read and write
B24000
heap
page read and write
1FB000
unkown
page execute and read and write
3E4E000
stack
page read and write
3C0E000
stack
page read and write
3F1F000
stack
page read and write
4DD0000
trusted library allocation
page read and write
1D1BC000
heap
page read and write
1F2000
unkown
page execute and read and write
1D1DC000
heap
page read and write
3DAF000
stack
page read and write
BF6000
unkown
page execute and write copy
54DB000
stack
page read and write
B24000
heap
page read and write
4F1E000
stack
page read and write
1190000
heap
page read and write
390F000
stack
page read and write
411E000
stack
page read and write
6B4000
heap
page read and write
B55000
unkown
page execute and read and write
392F000
stack
page read and write
596000
heap
page read and write
F11000
unkown
page execute and write copy
4BE0000
direct allocation
page read and write
36BF000
stack
page read and write
6B4000
heap
page read and write
3E9E000
stack
page read and write
167E000
heap
page read and write
7E4000
heap
page read and write
46F1000
heap
page read and write
F9C000
unkown
page execute and write copy
BF5000
unkown
page execute and read and write
BDA000
heap
page read and write
19A4000
heap
page read and write
BB8000
unkown
page execute and read and write
46F1000
heap
page read and write
3A6F000
stack
page read and write
46F1000
heap
page read and write
B7C000
unkown
page execute and write copy
504000
unkown
page execute and write copy
40A000
unkown
page execute and read and write
5320000
direct allocation
page execute and read and write
4D10000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
4CE1000
heap
page read and write
4A6000
unkown
page execute and read and write
4D11000
heap
page read and write
23220000
heap
page read and write
420E000
stack
page read and write
4A10000
direct allocation
page execute and read and write
4D11000
heap
page read and write
4CE1000
heap
page read and write
1148000
unkown
page execute and read and write
2BC7000
heap
page read and write
1D30F000
stack
page read and write
3F6E000
stack
page read and write
117E000
stack
page read and write
BE0000
unkown
page execute and read and write
BDC000
unkown
page execute and write copy
38AF000
stack
page read and write
38C000
unkown
page execute and write copy
358F000
stack
page read and write
4D40000
direct allocation
page read and write
DEE000
stack
page read and write
4D11000
heap
page read and write
11D0000
direct allocation
page read and write
334E000
stack
page read and write
1D1C1000
heap
page read and write
32CF000
stack
page read and write
45C1000
heap
page read and write
3A1F000
stack
page read and write
4C00000
direct allocation
page execute and read and write
4CE1000
heap
page read and write
53C0000
direct allocation
page read and write
19A4000
heap
page read and write
41DE000
stack
page read and write
420E000
stack
page read and write
3BD000
unkown
page execute and read and write
3D5E000
stack
page read and write
B24000
heap
page read and write
8A1000
heap
page read and write
B90000
heap
page read and write
345F000
stack
page read and write
1616000
heap
page read and write
5020000
trusted library allocation
page execute and read and write
590000
heap
page read and write
3C6F000
stack
page read and write
3EAE000
stack
page read and write
B7F000
unkown
page execute and read and write
9FA000
unkown
page execute and read and write
368F000
stack
page read and write
1404000
heap
page read and write
3BCE000
stack
page read and write
395F000
stack
page read and write
7E4000
heap
page read and write
BA2000
unkown
page execute and read and write
32DE000
stack
page read and write
61ECD000
direct allocation
page readonly
4360000
direct allocation
page read and write
1D1C1000
heap
page read and write
1CD5F000
stack
page read and write
3BCF000
stack
page read and write
C20000
unkown
page execute and write copy
267F000
stack
page read and write
B24000
heap
page read and write
36CF000
stack
page read and write
4D11000
heap
page read and write
349E000
stack
page read and write
1D20E000
stack
page read and write
9F0000
unkown
page readonly
B25000
heap
page read and write
B24000
heap
page read and write
46F1000
heap
page read and write
45A0000
direct allocation
page read and write
AA0000
unkown
page read and write
113E000
stack
page read and write
E7E000
stack
page read and write
1970000
heap
page read and write
D09000
heap
page read and write
19A4000
heap
page read and write
4BE0000
direct allocation
page read and write
19A4000
heap
page read and write
8FD000
stack
page read and write
46F1000
heap
page read and write
6B4000
heap
page read and write
113E000
stack
page read and write
4D11000
heap
page read and write
45E000
unkown
page execute and write copy
7E4000
heap
page read and write
49B0000
direct allocation
page execute and read and write
2F97000
heap
page read and write
3BDF000
stack
page read and write
7B0000
direct allocation
page read and write
1D19B000
heap
page read and write
D4C000
heap
page read and write
4CE1000
heap
page read and write
3A5E000
stack
page read and write
4CE5000
heap
page read and write
341E000
stack
page read and write
4CC0000
direct allocation
page read and write
9F2000
unkown
page execute and read and write
356F000
stack
page read and write
88F000
heap
page read and write
BCB000
unkown
page execute and read and write
B9E000
unkown
page execute and write copy
596000
unkown
page execute and read and write
1F2000
unkown
page execute and write copy
D34000
heap
page read and write
19A4000
heap
page read and write
19A4000
heap
page read and write
3F9F000
stack
page read and write
102B000
heap
page read and write
1D12C000
stack
page read and write
7E4000
heap
page read and write
15DE000
heap
page read and write
3100000
heap
page read and write
4DE0000
trusted library allocation
page read and write
190000
unkown
page read and write
B24000
heap
page read and write
123E000
heap
page read and write
624E000
stack
page read and write
BCD000
unkown
page execute and read and write
46F1000
heap
page read and write
454000
unkown
page execute and read and write
BB8000
unkown
page execute and read and write
1D1C1000
heap
page read and write
1FB000
unkown
page execute and write copy
46F1000
heap
page read and write
453000
unkown
page execute and write copy
B24000
heap
page read and write
46F1000
heap
page read and write
4BD000
unkown
page execute and read and write
6B4000
heap
page read and write
2F0F000
stack
page read and write
5EC0000
heap
page read and write
B24000
heap
page read and write
809F000
stack
page read and write
30CF000
stack
page read and write
C43000
unkown
page execute and read and write
5370000
direct allocation
page execute and read and write
1F2000
unkown
page execute and write copy
4A7E000
stack
page read and write
B24000
heap
page read and write
4BF1000
heap
page read and write
498000
unkown
page execute and write copy
2460000
direct allocation
page read and write
1C9DE000
stack
page read and write
477000
unkown
page execute and read and write
366E000
stack
page read and write
B24000
heap
page read and write
53D1000
heap
page read and write
402F000
stack
page read and write
ACE000
heap
page read and write
2F7E000
stack
page read and write
5040000
trusted library allocation
page read and write
45EE000
stack
page read and write
B24000
heap
page read and write
456E000
stack
page read and write
2F60000
direct allocation
page read and write
344E000
stack
page read and write
15A0000
direct allocation
page read and write
B24000
heap
page read and write
38C000
unkown
page execute and read and write
4E7F000
stack
page read and write
474E000
stack
page read and write
B24000
heap
page read and write
4CE1000
heap
page read and write
4E70000
direct allocation
page execute and read and write
1D1B9000
heap
page read and write
2B8F000
stack
page read and write
61E00000
direct allocation
page execute and read and write
119E000
heap
page read and write
19A0000
heap
page read and write
4A6000
unkown
page execute and read and write
1D4BD000
stack
page read and write
53C0000
direct allocation
page read and write
999000
stack
page read and write
52DE000
stack
page read and write
1D1B7000
heap
page read and write
381F000
stack
page read and write
4700000
heap
page read and write
2DCF000
stack
page read and write
4D11000
heap
page read and write
1F2000
unkown
page execute and write copy
3AA000
unkown
page execute and read and write
2CFE000
stack
page read and write
1D1B3000
heap
page read and write
12E4000
unkown
page execute and read and write
332E000
stack
page read and write
1D1C1000
heap
page read and write
CA8000
unkown
page execute and write copy
597000
unkown
page execute and write copy
52AE000
stack
page read and write
4D11000
heap
page read and write
4CE1000
heap
page read and write
1D5BD000
stack
page read and write
438E000
stack
page read and write
45A0000
direct allocation
page read and write
2CEF000
stack
page read and write
6124000
trusted library allocation
page read and write
1D7AF000
stack
page read and write
59E0000
direct allocation
page execute and read and write
2E0E000
stack
page read and write
2460000
direct allocation
page read and write
74B000
heap
page read and write
2460000
direct allocation
page read and write
1FB000
unkown
page execute and write copy
4EEE000
stack
page read and write
46F1000
heap
page read and write
69C000
stack
page read and write
6981000
heap
page read and write
B24000
heap
page read and write
610E000
stack
page read and write
495E000
stack
page read and write
19A4000
heap
page read and write
4CE1000
heap
page read and write
1B40000
heap
page read and write
53E0000
heap
page read and write
35AE000
stack
page read and write
D34000
heap
page read and write
4E20000
direct allocation
page read and write
448E000
stack
page read and write
49F0000
direct allocation
page execute and read and write
444F000
stack
page read and write
150E000
stack
page read and write
5220000
trusted library allocation
page read and write
4960000
direct allocation
page execute and read and write
7E4000
heap
page read and write
235E0000
trusted library allocation
page read and write
4FB0000
direct allocation
page execute and read and write
41AE000
stack
page read and write
1D1DC000
heap
page read and write
4BE000
unkown
page execute and write copy
B24000
heap
page read and write
4A6000
unkown
page execute and read and write
39AF000
stack
page read and write
D36000
heap
page read and write
3A6F000
stack
page read and write
45A0000
direct allocation
page read and write
AC0000
heap
page read and write
1CEED000
stack
page read and write
8359000
heap
page read and write
C17000
unkown
page execute and read and write
2F5E000
stack
page read and write
B24000
heap
page read and write
9CB000
heap
page read and write
15A0000
direct allocation
page read and write
1D1B9000
heap
page read and write
4D8000
unkown
page execute and read and write
D4C000
heap
page read and write
6B4000
heap
page read and write
15F5000
heap
page read and write
382E000
stack
page read and write
C22000
unkown
page execute and read and write
501F000
stack
page read and write
4D11000
heap
page read and write
439000
unkown
page execute and write copy
1D1A7000
heap
page read and write
430F000
stack
page read and write
1259000
heap
page read and write
7E4000
heap
page read and write
2BBE000
stack
page read and write
19A4000
heap
page read and write
C42000
unkown
page execute and write copy
15FC000
stack
page read and write
3D4E000
stack
page read and write
452F000
stack
page read and write
EEC000
stack
page read and write
6B4000
heap
page read and write
36B000
unkown
page execute and read and write
4BF1000
heap
page read and write
2DEF000
stack
page read and write
98E000
stack
page read and write
2E2E000
stack
page read and write
4D10000
trusted library allocation
page execute and read and write
4CE1000
heap
page read and write
1D1B3000
heap
page read and write
1DBFD000
stack
page read and write
588000
unkown
page execute and write copy
4D23000
trusted library allocation
page execute and read and write
31AF000
stack
page read and write
C91000
unkown
page execute and write copy
19A4000
heap
page read and write
BCD000
unkown
page execute and read and write
C99000
unkown
page execute and write copy
36E000
unkown
page execute and write copy
2460000
direct allocation
page read and write
2F5F000
stack
page read and write
2BA7000
heap
page read and write
19A4000
heap
page read and write
BCB000
unkown
page execute and read and write
46F1000
heap
page read and write
1D1C1000
heap
page read and write
CAA000
unkown
page execute and write copy
C15000
unkown
page execute and write copy
D25000
heap
page read and write
19A4000
heap
page read and write
32EF000
stack
page read and write
1D1C1000
heap
page read and write
1D1BB000
heap
page read and write
2B90000
direct allocation
page read and write
AA1000
unkown
page execute and write copy
D34000
heap
page read and write
9F6000
unkown
page write copy
37AE000
stack
page read and write
11E0000
heap
page read and write
448E000
stack
page read and write
6B4000
heap
page read and write
4360000
direct allocation
page read and write
9C0000
heap
page read and write
11D0000
direct allocation
page read and write
B24000
heap
page read and write
4CE1000
heap
page read and write
49C0000
direct allocation
page execute and read and write
365E000
stack
page read and write
4D11000
heap
page read and write
4E80000
trusted library allocation
page read and write
4A20000
direct allocation
page execute and read and write
2F60000
direct allocation
page read and write
512000
unkown
page execute and read and write
2460000
direct allocation
page read and write
53D1000
heap
page read and write
346E000
stack
page read and write
1CB1E000
stack
page read and write
46F1000
heap
page read and write
38C000
unkown
page execute and write copy
394E000
stack
page read and write
7E4000
heap
page read and write
1404000
heap
page read and write
53D1000
heap
page read and write
4A5F000
stack
page read and write
4CAB000
trusted library allocation
page execute and read and write
3B8F000
stack
page read and write
BEE000
unkown
page execute and write copy
B24000
heap
page read and write
2460000
direct allocation
page read and write
4CE1000
heap
page read and write
D49000
heap
page read and write
15F8000
heap
page read and write
46F1000
heap
page read and write
4360000
direct allocation
page read and write
C14000
unkown
page execute and read and write
4BF1000
heap
page read and write
C10000
heap
page read and write
4DD0000
heap
page read and write
1D1B7000
heap
page read and write
A3C000
stack
page read and write
4D11000
heap
page read and write
498000
unkown
page execute and write copy
422000
unkown
page execute and read and write
42F000
unkown
page execute and read and write
5120000
heap
page read and write
302E000
stack
page read and write
4980000
direct allocation
page execute and read and write
2CDF000
stack
page read and write
6CD3F000
unkown
page write copy
4B9F000
stack
page read and write
CAA000
unkown
page execute and write copy
19A4000
heap
page read and write
4BD000
unkown
page execute and read and write
37FF000
stack
page read and write
355E000
stack
page read and write
4CE1000
heap
page read and write
1D1AB000
heap
page read and write
B24000
heap
page read and write
544000
unkown
page execute and read and write
166C000
heap
page read and write
1D02E000
stack
page read and write
27DF000
stack
page read and write
15A0000
direct allocation
page read and write
330E000
stack
page read and write
6990000
heap
page read and write
1404000
heap
page read and write
C21000
heap
page read and write
B24000
heap
page read and write
4A5000
unkown
page execute and write copy
53C0000
direct allocation
page read and write
C23000
unkown
page execute and write copy
4BF1000
heap
page read and write
446F000
stack
page read and write
369E000
stack
page read and write
3A4F000
stack
page read and write
3C8000
unkown
page execute and write copy
E74000
unkown
page execute and read and write
2F60000
direct allocation
page read and write
2F60000
direct allocation
page read and write
4BAB000
stack
page read and write
40CE000
stack
page read and write
3A2000
unkown
page execute and read and write
738D000
stack
page read and write
47C000
unkown
page execute and read and write
348E000
stack
page read and write
D01000
heap
page read and write
333E000
stack
page read and write
472E000
stack
page read and write
4AF1000
heap
page read and write
4CC0000
direct allocation
page read and write
B24000
heap
page read and write
496F000
stack
page read and write
45A0000
direct allocation
page read and write
3B6E000
stack
page read and write
4CE1000
heap
page read and write
B24000
heap
page read and write
C22000
unkown
page execute and read and write
B24000
heap
page read and write
319F000
stack
page read and write
397000
unkown
page execute and write copy
32AE000
stack
page read and write
B24000
heap
page read and write
4BD000
unkown
page execute and write copy
7B0000
direct allocation
page read and write
2CCE000
stack
page read and write
4D11000
heap
page read and write
49E0000
direct allocation
page execute and read and write
34EF000
stack
page read and write
19A4000
heap
page read and write
1F9000
unkown
page write copy
40A000
unkown
page execute and read and write
1F9000
unkown
page write copy
D63000
heap
page read and write
41CF000
stack
page read and write
2E5E000
stack
page read and write
45CE000
stack
page read and write
52E0000
direct allocation
page execute and read and write
59E000
unkown
page execute and write copy
2E2000
unkown
page execute and write copy
45A0000
direct allocation
page read and write
4AE000
unkown
page execute and write copy
2EAF000
stack
page read and write
19A4000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
1D36E000
stack
page read and write
3A4F000
stack
page read and write
2A0F000
stack
page read and write
3C8000
unkown
page execute and write copy
2F7000
unkown
page execute and write copy
2CCF000
stack
page read and write
446F000
stack
page read and write
3D3E000
stack
page read and write
B7F000
unkown
page execute and read and write
B24000
heap
page read and write
4AEE000
stack
page read and write
191000
unkown
page execute and write copy
4FAE000
stack
page read and write
BFC000
unkown
page execute and read and write
6B4000
heap
page read and write
4990000
direct allocation
page execute and read and write
371E000
stack
page read and write
4AE000
unkown
page execute and write copy
380E000
stack
page read and write
4BF0000
trusted library allocation
page read and write
1F9000
unkown
page write copy
4BC0000
heap
page read and write
19A4000
heap
page read and write
245E000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
4360000
direct allocation
page read and write
4BDE000
stack
page read and write
B24000
heap
page read and write
5896000
direct allocation
page read and write
35DE000
stack
page read and write
23680000
heap
page read and write
4CE1000
heap
page read and write
4A8F000
stack
page read and write
4980000
direct allocation
page execute and read and write
4CE1000
heap
page read and write
43C000
stack
page read and write
BE0000
unkown
page execute and read and write
BA2000
unkown
page execute and read and write
19A4000
heap
page read and write
3CDE000
stack
page read and write
D2E000
stack
page read and write
D34000
heap
page read and write
1D1A7000
heap
page read and write
320F000
stack
page read and write
3E2F000
stack
page read and write
46F1000
heap
page read and write
BCD000
unkown
page execute and read and write
B24000
heap
page read and write
154E000
stack
page read and write
368F000
stack
page read and write
15DE000
heap
page read and write
B24000
heap
page read and write
D25000
heap
page read and write
38EE000
stack
page read and write
BFD000
unkown
page execute and write copy
BD0000
heap
page read and write
1DA8E000
stack
page read and write
1404000
heap
page read and write
3E6E000
stack
page read and write
117E000
stack
page read and write
4FBB000
trusted library allocation
page execute and read and write
11D0000
direct allocation
page read and write
B24000
heap
page read and write
D4D000
heap
page read and write
4C2F000
stack
page read and write
11E3000
heap
page read and write
B88000
unkown
page execute and read and write
7E4000
heap
page read and write
390F000
stack
page read and write
4CE1000
heap
page read and write
19A4000
heap
page read and write
BA0000
unkown
page execute and write copy
46CF000
stack
page read and write
5020000
trusted library allocation
page read and write
6261000
trusted library allocation
page read and write
59E0000
direct allocation
page execute and read and write
281E000
stack
page read and write
19A4000
heap
page read and write
19A4000
heap
page read and write
4D11000
heap
page read and write
7B0000
direct allocation
page read and write
46F1000
heap
page read and write
C42000
unkown
page execute and write copy
384E000
stack
page read and write
C37000
heap
page read and write
930000
heap
page read and write
38C000
unkown
page execute and read and write
4E9A000
trusted library allocation
page execute and read and write
4BE000
unkown
page execute and write copy
11D0000
direct allocation
page read and write
160F000
heap
page read and write
4CE1000
heap
page read and write
1FB000
unkown
page execute and write copy
4970000
direct allocation
page execute and read and write
4CC0000
direct allocation
page read and write
3F6F000
stack
page read and write
B24000
heap
page read and write
4AC000
unkown
page execute and read and write
434E000
stack
page read and write
6FD000
stack
page read and write
B24000
heap
page read and write
844000
heap
page read and write
420F000
stack
page read and write
4CD1000
heap
page read and write
4CE1000
heap
page read and write
3C1E000
stack
page read and write
1D6FE000
stack
page read and write
C91000
unkown
page execute and write copy
2460000
direct allocation
page read and write
BF6000
unkown
page execute and write copy
990000
heap
page read and write
753E000
stack
page read and write
19A4000
heap
page read and write
B24000
heap
page read and write
280000
unkown
page read and write
935000
heap
page read and write
1D1B9000
heap
page read and write
1D1C1000
heap
page read and write
9FA000
unkown
page execute and read and write
6B4000
heap
page read and write
4D11000
heap
page read and write
158C000
stack
page read and write
D34000
heap
page read and write
B88000
unkown
page execute and read and write
4C73000
trusted library allocation
page execute and read and write
5B5D000
stack
page read and write
7D20000
heap
page read and write
46F1000
heap
page read and write
36DF000
stack
page read and write
6B4000
heap
page read and write
4B7F000
stack
page read and write
B24000
heap
page read and write
B6B000
unkown
page execute and write copy
1D08E000
stack
page read and write
455F000
stack
page read and write
434E000
stack
page read and write
2B90000
direct allocation
page read and write
829000
heap
page read and write
45AF000
stack
page read and write
2F4E000
stack
page read and write
36AB000
heap
page read and write
3F8E000
stack
page read and write
620F000
stack
page read and write
3107000
heap
page read and write
53D1000
heap
page read and write
B6C000
unkown
page execute and read and write
C20000
unkown
page execute and write copy
1404000
heap
page read and write
1404000
heap
page read and write
4360000
direct allocation
page read and write
1228000
heap
page read and write
42C000
unkown
page execute and write copy
1404000
heap
page read and write
4BD000
unkown
page execute and write copy
1D1B4000
heap
page read and write
9F0000
unkown
page readonly
4D7C000
stack
page read and write
B7B000
unkown
page execute and read and write
C58000
heap
page read and write
13FC000
unkown
page execute and read and write
4BF1000
heap
page read and write
19A4000
heap
page read and write
381000
unkown
page execute and read and write
53C0000
direct allocation
page read and write
5340000
direct allocation
page execute and read and write
B24000
heap
page read and write
43EF000
stack
page read and write
4CE1000
heap
page read and write
4D11000
heap
page read and write
4D11000
heap
page read and write
4EC0000
heap
page read and write
11D0000
direct allocation
page read and write
6CCFF000
unkown
page readonly
810000
heap
page read and write
6382000
heap
page read and write
52F0000
direct allocation
page execute and read and write
35DE000
stack
page read and write
C30000
unkown
page execute and read and write
13CD000
unkown
page execute and read and write
C91000
unkown
page execute and write copy
6B4000
heap
page read and write
45B0000
heap
page read and write
470E000
stack
page read and write
53C0000
direct allocation
page read and write
3CCF000
stack
page read and write
A90000
heap
page read and write
4D11000
heap
page read and write
4A5000
unkown
page execute and write copy
140B000
unkown
page execute and read and write
7B0000
direct allocation
page read and write
1404000
heap
page read and write
BDC000
unkown
page execute and write copy
380E000
stack
page read and write
3E0F000
stack
page read and write
8368000
heap
page read and write
36CE000
stack
page read and write
C99000
unkown
page execute and write copy
9FA000
unkown
page execute and write copy
1D1D7000
heap
page read and write
BFD000
unkown
page execute and write copy
4A5000
unkown
page execute and write copy
1404000
heap
page read and write
19A4000
heap
page read and write
405000
unkown
page execute and write copy
49F0000
trusted library allocation
page read and write
832C000
stack
page read and write
1404000
heap
page read and write
2460000
direct allocation
page read and write
19A4000
heap
page read and write
46F1000
heap
page read and write
B24000
unkown
page execute and read and write
4BE0000
direct allocation
page read and write
394E000
stack
page read and write
19A4000
heap
page read and write
53D1000
heap
page read and write
9F6000
unkown
page write copy
53D1000
heap
page read and write
4800000
direct allocation
page read and write
B24000
heap
page read and write
45A0000
direct allocation
page read and write
458F000
stack
page read and write
52A0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
4CA0000
trusted library allocation
page read and write
35AE000
stack
page read and write
19A4000
heap
page read and write
1404000
heap
page read and write
4CE1000
heap
page read and write
4BF1000
heap
page read and write
53D1000
heap
page read and write
567000
unkown
page execute and read and write
49D0000
direct allocation
page execute and read and write
406E000
stack
page read and write
1404000
heap
page read and write
98E000
stack
page read and write
19A4000
heap
page read and write
CAA000
unkown
page execute and write copy
19A4000
heap
page read and write
4B90000
direct allocation
page execute and read and write
19A4000
heap
page read and write
3A2E000
stack
page read and write
53D1000
heap
page read and write
6B4000
heap
page read and write
4CE1000
heap
page read and write
18FE000
stack
page read and write
49D0000
direct allocation
page execute and read and write
31EE000
stack
page read and write
4CE1000
heap
page read and write
C99000
unkown
page execute and write copy
330F000
stack
page read and write
CDF000
heap
page read and write
5280000
heap
page execute and read and write
47C000
unkown
page execute and write copy
33DF000
stack
page read and write
19A4000
heap
page read and write
4CC0000
direct allocation
page read and write
19A4000
heap
page read and write
2EDE000
stack
page read and write
46F1000
heap
page read and write
1404000
heap
page read and write
4BF1000
heap
page read and write
C28000
unkown
page execute and write copy
491000
unkown
page execute and write copy
4D11000
heap
page read and write
B24000
heap
page read and write
4C10000
heap
page read and write
4CE1000
heap
page read and write
1D1C1000
heap
page read and write
1D1B3000
heap
page read and write
7F5C000
stack
page read and write
2335D000
stack
page read and write
23682000
heap
page read and write
422F000
stack
page read and write
4D40000
direct allocation
page read and write
5860000
direct allocation
page read and write
1D1DC000
heap
page read and write
332E000
stack
page read and write
340F000
stack
page read and write
1D1DC000
heap
page read and write
410E000
stack
page read and write
46F1000
heap
page read and write
4BD000
unkown
page execute and write copy
19A4000
heap
page read and write
3E7E000
stack
page read and write
2BC0000
heap
page read and write
53D1000
heap
page read and write
234DE000
stack
page read and write
2E9000
unkown
page write copy
4C74000
trusted library allocation
page read and write
6B4000
heap
page read and write
46F1000
heap
page read and write
1FB000
unkown
page execute and write copy
D62000
heap
page read and write
1020000
heap
page read and write
1404000
heap
page read and write
484E000
stack
page read and write
19A4000
heap
page read and write
4CE1000
heap
page read and write
B24000
heap
page read and write
4BA6000
direct allocation
page read and write
38AF000
stack
page read and write
B24000
heap
page read and write
1BB3000
heap
page read and write
1D1B3000
heap
page read and write
B88000
unkown
page execute and read and write
4C50000
direct allocation
page execute and read and write
4AE000
unkown
page execute and write copy
489000
unkown
page execute and read and write
C02000
unkown
page execute and read and write
5C0000
heap
page read and write
3F4F000
stack
page read and write
343F000
stack
page read and write
166F000
heap
page read and write
D39000
heap
page read and write
344F000
stack
page read and write
482F000
stack
page read and write
976000
heap
page read and write
B24000
heap
page read and write
6232000
heap
page read and write
53B0000
heap
page read and write
4E00000
heap
page read and write
747000
heap
page read and write
BFC000
unkown
page execute and read and write
46F1000
heap
page read and write
4CE1000
heap
page read and write
1DE3F000
stack
page read and write
1CC1F000
stack
page read and write
DEE000
stack
page read and write
BA2000
unkown
page execute and read and write
B24000
heap
page read and write
1D1AB000
heap
page read and write
C02000
unkown
page execute and read and write
52D0000
direct allocation
page execute and read and write
483E000
stack
page read and write
1404000
heap
page read and write
B24000
heap
page read and write
36EE000
stack
page read and write
4950000
direct allocation
page execute and read and write
330F000
stack
page read and write
4980000
direct allocation
page execute and read and write
4370000
heap
page read and write
4BD000
unkown
page execute and write copy
B86000
unkown
page execute and write copy
4D11000
heap
page read and write
7E4000
heap
page read and write
73E000
stack
page read and write
2460000
direct allocation
page read and write
6B4000
heap
page read and write
B24000
heap
page read and write
23674000
heap
page read and write
138D000
stack
page read and write
4C40000
direct allocation
page execute and read and write
23220000
trusted library allocation
page read and write
6370000
heap
page read and write
B86000
unkown
page execute and write copy
1FB000
unkown
page execute and read and write
6B4000
heap
page read and write
4D34000
trusted library allocation
page read and write
3EF000
unkown
page execute and write copy
4FD0000
trusted library allocation
page read and write
418000
unkown
page execute and read and write
53C0000
direct allocation
page read and write
15DE000
heap
page read and write
291F000
stack
page read and write
45B1000
heap
page read and write
4360000
direct allocation
page read and write
4CE1000
heap
page read and write
458F000
stack
page read and write
19A4000
heap
page read and write
493F000
stack
page read and write
C99000
unkown
page execute and write copy
162C000
heap
page read and write
59C000
unkown
page execute and read and write
B24000
heap
page read and write
4D11000
heap
page read and write
BF6000
unkown
page execute and write copy
4D11000
heap
page read and write
46F1000
heap
page read and write
529F000
stack
page read and write
B86000
unkown
page execute and write copy
1D1B7000
heap
page read and write
308E000
stack
page read and write
369E000
stack
page read and write
15A0000
direct allocation
page read and write
31FE000
stack
page read and write
5210000
trusted library allocation
page execute and read and write
2E9000
unkown
page write copy
4BE0000
direct allocation
page read and write
D47000
heap
page read and write
5050000
heap
page read and write
7E4000
heap
page read and write
436F000
stack
page read and write
486E000
stack
page read and write
815000
heap
page read and write
4990000
direct allocation
page execute and read and write
BCC000
unkown
page execute and write copy
3A9F000
stack
page read and write
B24000
heap
page read and write
477000
unkown
page execute and read and write
1404000
heap
page read and write
53D1000
heap
page read and write
1D1CC000
heap
page read and write
7E4000
heap
page read and write
4361000
heap
page read and write
C27000
unkown
page execute and read and write
140B000
unkown
page execute and write copy
1D1B7000
heap
page read and write
4980000
direct allocation
page execute and read and write
19A4000
heap
page read and write
B24000
heap
page read and write
6B4000
heap
page read and write
4CE1000
heap
page read and write
6385000
heap
page read and write
42C000
unkown
page execute and write copy
1B8A000
heap
page read and write
B24000
heap
page read and write
4D11000
heap
page read and write
19A4000
heap
page read and write
19A4000
heap
page read and write
1D1CC000
heap
page read and write
3F8F000
stack
page read and write
19A4000
heap
page read and write
2DEF000
stack
page read and write
46F1000
heap
page read and write
53D8000
heap
page read and write
B24000
heap
page read and write
391E000
stack
page read and write
280000
unkown
page readonly
5110000
heap
page execute and read and write
6B4000
heap
page read and write
448000
unkown
page execute and write copy
2E3E000
stack
page read and write
9F6000
unkown
page write copy
6B4000
heap
page read and write
207000
unkown
page execute and write copy
B24000
heap
page read and write
3D2000
unkown
page execute and read and write
1D1AB000
heap
page read and write
13F5000
unkown
page execute and read and write
3EF000
unkown
page execute and write copy
4A7000
unkown
page execute and write copy
B24000
heap
page read and write
318F000
stack
page read and write
27FE000
stack
page read and write
35CE000
stack
page read and write
4D11000
heap
page read and write
9F0000
unkown
page readonly
7E4000
heap
page read and write
EDE000
stack
page read and write
2A2D1000
heap
page read and write
498E000
stack
page read and write
41FF000
stack
page read and write
1D7EE000
stack
page read and write
B35000
stack
page read and write
4D11000
heap
page read and write
409E000
stack
page read and write
D3F000
heap
page read and write
49A0000
direct allocation
page execute and read and write
45EE000
stack
page read and write
46F1000
heap
page read and write
2EEE000
stack
page read and write
FA6000
unkown
page execute and read and write
26BE000
stack
page read and write
316E000
stack
page read and write
61ED4000
direct allocation
page readonly
19A4000
heap
page read and write
445E000
stack
page read and write
15B2000
unkown
page execute and write copy
D37000
heap
page read and write
53D1000
heap
page read and write
2B90000
direct allocation
page read and write
52B0000
direct allocation
page execute and read and write
442E000
stack
page read and write
BF5000
unkown
page execute and read and write
B24000
heap
page read and write
398E000
stack
page read and write
1D1B4000
heap
page read and write
ACA000
heap
page read and write
60E0000
heap
page read and write
50F000
unkown
page execute and write copy
19A4000
heap
page read and write
2F60000
direct allocation
page read and write
B9D000
unkown
page execute and read and write
CAA000
unkown
page execute and write copy
1D1DC000
heap
page read and write
2460000
direct allocation
page read and write
1D1BD000
heap
page read and write
1141000
unkown
page execute and read and write
6CB52000
unkown
page readonly
4D11000
heap
page read and write
11D0000
direct allocation
page read and write
3B5F000
stack
page read and write
B24000
heap
page read and write
B24000
heap
page read and write
3E8000
unkown
page execute and read and write
C22000
unkown
page execute and read and write
9BB000
heap
page read and write
3FAE000
stack
page read and write
19A4000
heap
page read and write
55C000
stack
page read and write
B24000
heap
page read and write
1D1CC000
heap
page read and write
1D1C1000
heap
page read and write
4BF1000
heap
page read and write
B24000
heap
page read and write
4980000
direct allocation
page execute and read and write
62B5000
trusted library allocation
page read and write
7B0000
direct allocation
page read and write
1D23D000
heap
page read and write
53AF000
stack
page read and write
2B90000
direct allocation
page read and write
40FE000
stack
page read and write
31DF000
stack
page read and write
7CA000
heap
page read and write
4C0E000
stack
page read and write
346E000
stack
page read and write
DBF000
stack
page read and write
30E0000
direct allocation
page read and write
1068000
heap
page read and write
1D1B6000
heap
page read and write
46F1000
heap
page read and write
B24000
heap
page read and write
4C80000
trusted library allocation
page read and write
3D1F000
stack
page read and write
74FE000
stack
page read and write
4E5E000
stack
page read and write
4BF1000
heap
page read and write
4BE0000
direct allocation
page read and write
5196000
direct allocation
page read and write
4CE1000
heap
page read and write
45A0000
direct allocation
page read and write
3A9000
unkown
page execute and write copy
36B000
unkown
page execute and read and write
1D190000
heap
page read and write
B69000
unkown
page execute and read and write
4A40000
direct allocation
page read and write
1ABE000
stack
page read and write
1404000
heap
page read and write
487000
unkown
page execute and write copy
9F0000
unkown
page read and write
33AF000
stack
page read and write
4D0F000
stack
page read and write
381000
unkown
page execute and read and write
2F60000
direct allocation
page read and write
444F000
stack
page read and write
6B4000
heap
page read and write
3B9E000
stack
page read and write
15A0000
direct allocation
page read and write
2687000
heap
page read and write
53D1000
heap
page read and write
232EE000
heap
page read and write
520D000
stack
page read and write
1616000
heap
page read and write
4CE1000
heap
page read and write
19A4000
heap
page read and write
9F6000
unkown
page write copy
53C0000
direct allocation
page read and write
1D1D7000
heap
page read and write
19A4000
heap
page read and write
399000
unkown
page execute and read and write
4D2D000
trusted library allocation
page execute and read and write
1D1BD000
heap
page read and write
B24000
heap
page read and write
EF0000
heap
page read and write
4AE000
unkown
page execute and write copy
459E000
stack
page read and write
46F0000
heap
page read and write
53D1000
heap
page read and write
160F000
heap
page read and write
6B4000
heap
page read and write
15A0000
direct allocation
page read and write
670000
heap
page read and write
190000
unkown
page readonly
19A4000
heap
page read and write
23261000
heap
page read and write
44EE000
stack
page read and write
1D1CD000
heap
page read and write
31BF000
stack
page read and write
46F1000
heap
page read and write
894000
heap
page read and write
8A7000
heap
page read and write
36CE000
stack
page read and write
1D1D7000
heap
page read and write
160F000
heap
page read and write
CD8000
unkown
page execute and read and write
C1F000
unkown
page execute and read and write
19A4000
heap
page read and write
15A0000
direct allocation
page read and write
4FEF000
stack
page read and write
2F60000
direct allocation
page read and write
58DE000
stack
page read and write
D34000
heap
page read and write
4CD0000
direct allocation
page execute and read and write
4CE1000
heap
page read and write
5380000
direct allocation
page execute and read and write
2F2F000
stack
page read and write
492000
unkown
page execute and read and write
88D000
heap
page read and write
61E01000
direct allocation
page execute read
53A000
unkown
page execute and read and write
46AE000
stack
page read and write
4CE1000
heap
page read and write
4AE000
unkown
page execute and write copy
9FA000
unkown
page execute and read and write
C1E000
unkown
page execute and write copy
13CD000
unkown
page execute and read and write
3DDF000
stack
page read and write
32FF000
stack
page read and write
53D1000
heap
page read and write
1D5FD000
stack
page read and write
1D1C1000
heap
page read and write
D34000
heap
page read and write
4D11000
heap
page read and write
6B4000
heap
page read and write
4CC0000
direct allocation
page read and write
162C000
heap
page read and write
1404000
heap
page read and write
B69000
unkown
page execute and read and write
7E4000
heap
page read and write
CDE000
heap
page read and write
B24000
heap
page read and write
C12000
unkown
page execute and write copy
1D19E000
heap
page read and write
519E000
stack
page read and write
B24000
heap
page read and write
4BE0000
direct allocation
page read and write
422E000
stack
page read and write
342F000
stack
page read and write
4CE1000
heap
page read and write
42F000
unkown
page execute and read and write
5150000
trusted library allocation
page read and write
19A4000
heap
page read and write
1FB000
unkown
page execute and write copy
7E0000
heap
page read and write
9FA000
unkown
page execute and write copy
533000
stack
page read and write
B24000
heap
page read and write
9F2000
unkown
page execute and write copy
7E4000
heap
page read and write
2F80000
direct allocation
page read and write
19A4000
heap
page read and write
2B7F000
stack
page read and write
3D2E000
stack
page read and write
11D0000
direct allocation
page read and write
46F1000
heap
page read and write
799000
stack
page read and write
1FB000
unkown
page execute and read and write
493F000
stack
page read and write
1D8EF000
stack
page read and write
48AE000
stack
page read and write
13FC000
unkown
page execute and read and write
4CD1000
heap
page read and write
19A4000
heap
page read and write
453000
unkown
page execute and write copy
6145000
trusted library allocation
page read and write
1CDAE000
stack
page read and write
3FAF000
stack
page read and write
304F000
stack
page read and write
10FF000
stack
page read and write
4AE000
unkown
page execute and write copy
41EF000
stack
page read and write
B24000
heap
page read and write
C07000
unkown
page execute and read and write
414000
unkown
page execute and write copy
1590000
heap
page read and write
15A0000
direct allocation
page read and write
4C20000
trusted library allocation
page read and write
7B0000
direct allocation
page read and write
B24000
heap
page read and write
D34000
heap
page read and write
2BEF000
stack
page read and write
52D0000
direct allocation
page execute and read and write
7E4000
heap
page read and write
4C20000
direct allocation
page execute and read and write
414000
unkown
page execute and write copy
40EE000
stack
page read and write
1DA2F000
stack
page read and write
4D11000
heap
page read and write
480F000
stack
page read and write
4BE0000
direct allocation
page execute and read and write
36A7000
heap
page read and write
1D1B1000
heap
page read and write
405000
unkown
page execute and write copy
AA0000
unkown
page readonly
7E5B000
stack
page read and write
1D192000
heap
page read and write
1D1A7000
heap
page read and write
2BA0000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
3A1000
unkown
page execute and write copy
5330000
direct allocation
page execute and read and write
1FB000
unkown
page execute and write copy
A90000
direct allocation
page read and write
344E000
stack
page read and write
BBA000
unkown
page execute and write copy
B24000
heap
page read and write
33EE000
stack
page read and write
B9D000
unkown
page execute and read and write
910000
heap
page read and write
160F000
heap
page read and write
7E4000
heap
page read and write
4CE1000
heap
page read and write
422000
unkown
page execute and read and write
4AD000
unkown
page execute and read and write
4E10000
trusted library allocation
page read and write
424E000
stack
page read and write
6CD40000
unkown
page read and write
4CC0000
direct allocation
page read and write
4371000
heap
page read and write
47B0000
trusted library allocation
page read and write
4CE1000
heap
page read and write
CDA000
heap
page read and write
19A4000
heap
page read and write
6B4000
heap
page read and write
4CC0000
direct allocation
page read and write
2C8F000
stack
page read and write
4ACE000
stack
page read and write
41F000
unkown
page execute and write copy
2B6E000
stack
page read and write
D4C000
heap
page read and write
4AF1000
heap
page read and write
899000
stack
page read and write
53C0000
direct allocation
page read and write
3D0F000
stack
page read and write
320E000
stack
page read and write
2A4E000
stack
page read and write
4D11000
heap
page read and write
448E000
stack
page read and write
421F000
stack
page read and write
4CE1000
heap
page read and write
2A7E000
stack
page read and write
40BF000
stack
page read and write
CAA000
unkown
page execute and write copy
1D1DC000
heap
page read and write
4D11000
heap
page read and write
4D11000
heap
page read and write
1D1B7000
heap
page read and write
6B4000
heap
page read and write
354F000
stack
page read and write
4F0E000
stack
page read and write
4BF1000
heap
page read and write
4D11000
heap
page read and write
259E000
stack
page read and write
B24000
heap
page read and write
1CFED000
stack
page read and write
42AF000
stack
page read and write
B24000
heap
page read and write
3E0F000
stack
page read and write
1D1A7000
heap
page read and write
4CE1000
heap
page read and write
3FD000
unkown
page execute and read and write
9F2000
unkown
page execute and write copy
4BF1000
heap
page read and write
207000
unkown
page execute and write copy
B25000
heap
page read and write
4CE1000
heap
page read and write
498000
unkown
page execute and write copy
55C000
stack
page read and write
53D1000
heap
page read and write
15A0000
direct allocation
page read and write
4CD1000
heap
page read and write
162C000
heap
page read and write
41EF000
stack
page read and write
B24000
heap
page read and write
2CEE000
stack
page read and write
53D1000
heap
page read and write
2F9B000
heap
page read and write
1404000
heap
page read and write
5D1D000
stack
page read and write
53D1000
heap
page read and write
19A4000
heap
page read and write
19A4000
heap
page read and write
4D11000
heap
page read and write
49F0000
direct allocation
page execute and read and write
191000
unkown
page execute and write copy
6B4000
heap
page read and write
4D11000
heap
page read and write
B24000
heap
page read and write
23240000
heap
page read and write
9F6000
unkown
page write copy
4AF1000
heap
page read and write
1404000
heap
page read and write
1142000
unkown
page execute and write copy
590000
heap
page read and write
4CE1000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
4360000
direct allocation
page read and write
365F000
stack
page read and write
73FF000
stack
page read and write
4BE0000
direct allocation
page read and write
37DE000
stack
page read and write
B24000
heap
page read and write
B69000
unkown
page execute and read and write
6B4000
heap
page read and write
B7B000
unkown
page execute and read and write
1404000
heap
page read and write
1D1AA000
heap
page read and write
6CB4E000
unkown
page read and write
4C00000
heap
page read and write
1404000
heap
page read and write
49EE000
stack
page read and write
6B4000
heap
page read and write
27BF000
stack
page read and write
B24000
heap
page read and write
52F0000
direct allocation
page execute and read and write
B24000
heap
page read and write
3EF000
unkown
page execute and write copy
9F0000
unkown
page read and write
1616000
heap
page read and write
52F0000
direct allocation
page execute and read and write
B24000
heap
page read and write
1404000
heap
page read and write
42DF000
stack
page read and write
B24000
heap
page read and write
4CE1000
heap
page read and write
4371000
heap
page read and write
634F000
stack
page read and write
306F000
stack
page read and write
46F1000
heap
page read and write
F85000
unkown
page execute and read and write
C14000
unkown
page execute and read and write
B24000
heap
page read and write
4C70000
direct allocation
page execute and read and write
5350000
direct allocation
page execute and read and write
38C000
unkown
page execute and write copy
2345D000
stack
page read and write
37EF000
stack
page read and write
12EF000
stack
page read and write
4360000
direct allocation
page read and write
CEC000
unkown
page execute and read and write
1404000
heap
page read and write
31CF000
stack
page read and write
46F1000
heap
page read and write
498000
unkown
page execute and write copy
C27000
unkown
page execute and read and write
D34000
heap
page read and write
B70000
heap
page read and write
5390000
direct allocation
page execute and read and write
31EE000
stack
page read and write
BFC000
unkown
page execute and read and write
4CB0000
direct allocation
page execute and read and write
1D1DA000
heap
page read and write
DAE000
stack
page read and write
1404000
heap
page read and write
7E4000
heap
page read and write
B25000
heap
page read and write
DF0000
direct allocation
page read and write
2E1F000
stack
page read and write
BEE000
unkown
page execute and write copy
1BC7000
heap
page read and write
1CEAF000
stack
page read and write
40AE000
stack
page read and write
CA8000
unkown
page execute and read and write
32EF000
stack
page read and write
7E4000
heap
page read and write
1F2000
unkown
page execute and read and write
9F2000
unkown
page execute and read and write
11D0000
direct allocation
page read and write
52F0000
direct allocation
page execute and read and write
115C000
unkown
page execute and read and write
61EB7000
direct allocation
page readonly
121E000
heap
page read and write
53C0000
direct allocation
page read and write
B24000
heap
page read and write
17AF000
stack
page read and write
4D11000
heap
page read and write
462E000
stack
page read and write
53D1000
heap
page read and write
1616000
heap
page read and write
9F0000
unkown
page read and write
FA6000
unkown
page execute and read and write
309F000
stack
page read and write
124F000
stack
page read and write
595000
unkown
page execute and write copy
4CF0000
heap
page read and write
4D11000
heap
page read and write
D21000
heap
page read and write
30AE000
stack
page read and write
4BF1000
heap
page read and write
C14000
unkown
page execute and read and write
B24000
heap
page read and write
1D0CE000
stack
page read and write
4CE1000
heap
page read and write
416F000
stack
page read and write
4360000
heap
page read and write
4D11000
heap
page read and write
5121000
trusted library allocation
page read and write
19A4000
heap
page read and write
2477000
heap
page read and write
3A1000
unkown
page execute and write copy
448000
unkown
page execute and write copy
8350000
heap
page read and write
2ECF000
stack
page read and write
72F0000
heap
page execute and read and write
F8C000
unkown
page execute and read and write
B3E000
stack
page read and write
4BF1000
heap
page read and write
47B0000
trusted library allocation
page read and write
4CC0000
direct allocation
page read and write
AFA000
stack
page read and write
1D19E000
heap
page read and write
9FA000
unkown
page execute and write copy
D44000
heap
page read and write
45A0000
direct allocation
page read and write
4E2E000
stack
page read and write
D62000
heap
page read and write
1D2B5000
heap
page read and write
23686000
heap
page read and write
54D0000
trusted library allocation
page read and write
3D2000
unkown
page execute and read and write
49AF000
stack
page read and write
408F000
stack
page read and write
5A10000
direct allocation
page execute and read and write
B24000
heap
page read and write
5D0000
heap
page read and write
3A1000
unkown
page execute and write copy
46F1000
heap
page read and write
7E4000
heap
page read and write
4BA0000
direct allocation
page read and write
C12000
unkown
page execute and write copy
4B8000
unkown
page execute and write copy
4CD1000
heap
page read and write
D47000
heap
page read and write
93E000
stack
page read and write
370E000
stack
page read and write
4EA0000
trusted library allocation
page read and write
340F000
stack
page read and write
4BE0000
direct allocation
page read and write
1D1BC000
heap
page read and write
89A000
heap
page read and write
60CF000
stack
page read and write
15F5000
heap
page read and write
3AA000
unkown
page execute and read and write
F10000
unkown
page readonly
53D1000
heap
page read and write
4D30000
trusted library allocation
page read and write
4D24000
trusted library allocation
page read and write
4CD1000
heap
page read and write
3CFF000
stack
page read and write
19A4000
heap
page read and write
46F1000
heap
page read and write
6232000
heap
page read and write
46F1000
heap
page read and write
15B2000
unkown
page execute and write copy
59E000
unkown
page execute and write copy
19A4000
heap
page read and write
19A4000
heap
page read and write
2F60000
direct allocation
page read and write
53D1000
heap
page read and write
19A4000
heap
page read and write
7D24000
heap
page read and write
7A0000
heap
page read and write
A7E000
stack
page read and write
4800000
direct allocation
page read and write
3F2E000
stack
page read and write
441F000
stack
page read and write
140C000
unkown
page execute and write copy
4D11000
heap
page read and write
11EE000
heap
page read and write
53DC000
stack
page read and write
7E4000
heap
page read and write
4360000
direct allocation
page read and write
7B0000
direct allocation
page read and write
1D1C0000
heap
page read and write
B24000
heap
page read and write
4A00000
direct allocation
page execute and read and write
166F000
heap
page read and write
5310000
direct allocation
page execute and read and write
11D0000
direct allocation
page read and write
4CE1000
heap
page read and write
4CE1000
heap
page read and write
347E000
stack
page read and write
47A0000
heap
page read and write
B24000
heap
page read and write
460E000
stack
page read and write
1D1CC000
heap
page read and write
1D1D7000
heap
page read and write
59EE000
stack
page read and write
4CDF000
stack
page read and write
19A4000
heap
page read and write
15A0000
direct allocation
page read and write
11D0000
direct allocation
page read and write
4E9A000
trusted library allocation
page execute and read and write
40DF000
stack
page read and write
15B0000
heap
page read and write
3ADE000
stack
page read and write
DDE000
stack
page read and write
5250000
heap
page execute and read and write
191000
unkown
page execute and write copy
CA8000
unkown
page execute and write copy
4C70000
direct allocation
page execute and read and write
190000
unkown
page readonly
1D1DC000
heap
page read and write
4D11000
heap
page read and write
191000
unkown
page execute and write copy
4BE0000
direct allocation
page read and write
4C30000
direct allocation
page execute and read and write
1D1DC000
heap
page read and write
4CC0000
direct allocation
page read and write
FBF000
unkown
page execute and read and write
11D8000
heap
page read and write
439000
unkown
page execute and write copy
4A5000
unkown
page execute and write copy
46F1000
heap
page read and write
529000
unkown
page execute and write copy
28FF000
stack
page read and write
F10000
unkown
page read and write
19A4000
heap
page read and write
46F4000
heap
page read and write
BBA000
unkown
page execute and write copy
4CE1000
heap
page read and write
2680000
heap
page read and write
4C2000
unkown
page execute and read and write
4371000
heap
page read and write
BA0000
unkown
page execute and write copy
4FB0000
trusted library allocation
page read and write
46F1000
heap
page read and write
2B4F000
stack
page read and write
3DED000
stack
page read and write
2F9E000
stack
page read and write
4D11000
heap
page read and write
53D1000
heap
page read and write
15BB000
heap
page read and write
1404000
heap
page read and write
19A4000
heap
page read and write
C42000
unkown
page execute and write copy
30F0000
direct allocation
page execute and read and write
166F000
heap
page read and write
3A9000
unkown
page execute and write copy
19A4000
heap
page read and write
C23000
unkown
page execute and write copy
44CE000
stack
page read and write
2EB000
unkown
page execute and write copy
419F000
stack
page read and write
D34000
heap
page read and write
361B000
stack
page read and write
6B4000
heap
page read and write
4D11000
heap
page read and write
4361000
heap
page read and write
6B4000
heap
page read and write
166C000
heap
page read and write
4BC0000
direct allocation
page execute and read and write
46F1000
heap
page read and write
19A4000
heap
page read and write
13D0000
heap
page read and write
C8A000
heap
page read and write
4E74000
trusted library allocation
page read and write
5150000
heap
page read and write
1D1CC000
heap
page read and write
466F000
stack
page read and write
511F000
stack
page read and write
1404000
heap
page read and write
There are 2539 hidden memdumps, click here to show them.