Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
setup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google
Chrome 130.0.6723.60, Subject: Google Chrome, Author: Google LLC, Keywords: Installer, Template: Intel;1033, Revision Number:
{5C3C448E-5CCA-4F0C-AABA-07ED4F66DF03}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44
2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3742718d-da2d-4890-8d16-34f348f62b4e.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3e161323-3575-4903-bf6f-ef5fbad1bae4.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\526e9769-3052-41f8-9e88-d9191d406e95.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7a0509b1-cb51-41b2-aad1-93b6a8650624.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\64cdaa62-35c8-4c90-a41c-2e90796e0647.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-671A3D9E-140.pma
|
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration:
offset 2251868533161984.000000, slope 21873483490579860946944.000000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\123cd9fe-951e-4455-88af-f2b083aa32f1.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2ef52090-b99d-4052-ab89-d32d45d3dd4d.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3e9e6395-190f-44cf-8f17-ecefb8391ac2.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\49017dc2-0fd0-4ce5-88f1-bf2b05ba866a.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6d4d40fb-7664-40d0-9997-f0f0d88dba0d.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\79c7b561-6798-4a51-a8d0-b85fff09416e.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8fa84243-f2b1-4888-8b1d-ed37c02a6f6d.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9a73bbc6-66a4-4879-8169-b358444e71da.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF64151.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5,
schema 4, UTF-8, version-valid-for 5
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie
0x8, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\048eefc3-f16b-4617-ba5a-37eaadb40c9f.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\37dd7b55-80b1-4cbf-9779-3fbcf90e6cb9.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3b85e411-6767-4db9-ba52-7e5a080c7255.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7a3cfbbc-b037-4c31-9f93-1f5544042d2f.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\95a9ad14-90b7-4faa-bb53-5eb4cb956b50.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\95bb2ac2-5b86-4f21-b08e-63b020cb373b.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4a1ba.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF7cec7.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF39bb4.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ae33.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3b6af.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\abb8c802-0d88-425c-8f94-6e1435bed519.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b43e6eb6-63e6-451c-b5e5-cb7fe31c2565.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Pdf\pdfSQLite
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 3, cookie 0x1,
schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3d9c7.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41c1f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4914f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF58091.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3d458.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374246561513597
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\015c4dc4-7341-42ac-a572-da82f57966a6.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\0ef2e99d-6abc-4828-813f-a8f42d30a2ec.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\366e8d08-9a78-45af-b3db-ef04ae4426bb.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\48a0b403-7eb7-43eb-bd14-54f85b65f50a.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network
Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF3ae33.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF3b6af.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch
Dictionaries (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust
Tokens
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ec2fa2a9-baca-4e0e-89b3-3943fdcd093f.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie
0x36, schema 4, UTF-8, version-valid-for 10
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
|
ASCII text, with very long lines (3951), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ccf4b8c1-cdf9-4a76-aa5b-561441a78d41.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\uu_host_config
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37dad.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF37dbc.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3801e.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a70f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF49140.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4ee06.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
|
raw G3 (Group 3) FAX, byte-padded
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ad19b218-0b2e-4c44-a3f6-464a6e20adb7.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b388103d-e57e-40fb-bc4b-b733bfe7313b.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fe9b9d49-3b6d-4f65-8915-d490f805bfdd.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\308aafb7-a696-4b88-80a0-322047a3cc15.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\478709a4-1259-4f7a-b01f-6394be9e4475.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\8aa39380-f615-4248-a7bb-1606e4b6653b.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files.cab
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 1708714 bytes, 1 file, at 0x2c +A "setup.exe", ID 40866, number 1,
20912 datablocks, 0x1503 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\af349e1bd38449778cfe9266be870cd2$dpx$.tmp\9f37ff0b24a06043980c7f30b5188b3b.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\msiwrapper.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cv_debug.log
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\d7f2b2b1-bed7-470e-9609-3297ad6ecf60.tmp
|
PNG image data, 204 x 264, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\df72ba37-bb6b-4ad2-8139-ffeafb47630c.tmp
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ec8fdd13-d01e-4125-b127-7dd8395b33d1.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fa5501ef-37b3-447e-bd2a-ae6b79224479.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\af\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\am\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ar\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\az\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\be\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\bg\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\bn\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ca\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\cs\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\cy\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\da\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\de\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\el\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\en\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\en_CA\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\en_GB\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\en_US\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\es\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\es_419\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\et\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\eu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\fa\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\fi\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\fil\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\fr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\fr_CA\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\gl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\gu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\hi\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\hr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\hu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\hy\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\id\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\is\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\it\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\iw\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ja\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ka\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\kk\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\km\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\kn\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ko\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\lo\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\lt\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\lv\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ml\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\mn\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\mr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ms\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\my\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ne\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\nl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\no\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\pa\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\pl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\pt_BR\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\pt_PT\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ro\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ru\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\si\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\sk\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\sl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\sr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\sv\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\sw\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ta\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\te\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\th\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\tr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\uk\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\ur\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\vi\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\zh_CN\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\zh_HK\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\zh_TW\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_locales\zu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\dasherSettingSchema.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\offscreendocument.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\offscreendocument_main.js
|
ASCII text, with very long lines (3700)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\page_embed_script.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\CRX_INSTALL\service_worker_bin_prod.js
|
ASCII text, with very long lines (3705)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_1912556374\fa5501ef-37b3-447e-bd2a-ae6b79224479.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_343852549\8aa39380-f615-4248-a7bb-1606e4b6653b.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_343852549\CRX_INSTALL\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_343852549\CRX_INSTALL\content.js
|
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_343852549\CRX_INSTALL\content_new.js
|
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir320_343852549\CRX_INSTALL\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Windows\Installer\4f9ae8.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google
Chrome 130.0.6723.60, Subject: Google Chrome, Author: Google LLC, Keywords: Installer, Template: Intel;1033, Revision Number:
{5C3C448E-5CCA-4F0C-AABA-07ED4F66DF03}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44
2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI9BF1.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Installer\SourceHash{F9C6748C-CCEB-467C-97E9-5668D393FD5A}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF75A91C9C19FC4526.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF96D373F5D81D918F.TMP
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (858), with CRLF, CR, LF line terminators, with overstriking
|
dropped
|
There are 254 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2040,i,15647764564756783945,3454586451567305123,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService
--lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7080 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144
/prefetch:8
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor
--lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7080 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144
/prefetch:8
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1
--ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7508 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144
/prefetch:6
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker
--lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7092 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144
/prefetch:8
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService
--lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7920 --field-trial-handle=2120,i,13858740654390659187,1202978810807818064,262144
/prefetch:8
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding F80F04059A34389A19F284A67FC6C1A0
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\." /SETINTEGRITYLEVEL
(CI)(OI)HIGH
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\expand.exe
|
"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c start msedge https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe
|
"C:\Users\user\AppData\Local\Temp\MW-9fd05191-5c82-4ede-9cfd-c9082c158bd2\files\setup.exe" /VERYSILENT /VERYSILENT
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://www.docusign.com/
|
unknown
|
||
|
https://drive-daily-2.corp.google.com/
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf
|
unknown
|
||
|
https://drive-autopush.corp.google.com/
|
unknown
|
||
|
https://drive-daily-4.corp.google.com/
|
unknown
|
||
|
https://unitedstates1.ss.wd.microsoft.us/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf/
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfq
|
unknown
|
||
|
https://drive-daily-1.corp.google.com/
|
unknown
|
||
|
https://drive-daily-5.corp.google.com/
|
unknown
|
||
|
https://docs.google.com/
|
unknown
|
||
|
https://www.docusign.com
|
unknown
|
||
|
https://bzib.nelreports.net/api/report?cat=bingbusiness
|
23.218.232.186
|
||
|
https://chrome.cloudflare-dns.com/dns-query
|
172.64.41.3
|
||
|
https://drive-staging.corp.google.com/
|
unknown
|
||
|
https://www.google.com/chrome
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfd
|
unknown
|
||
|
https://drive-daily-6.corp.google.com/
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://www.docusign.com/favicon.ico
|
unknown
|
||
|
https://drive-daily-0.corp.google.com/
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://chromewebstore.google.com/
|
unknown
|
||
|
https://drive-preprod.corp.google.com/
|
unknown
|
||
|
https://ygiqycocskiqysoa.xyz:443/api/client_hello
|
31.192.232.92
|
||
|
https://clients2.googleusercontent.com
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfC:
|
unknown
|
||
|
https://chrome.google.com/webstore/
|
unknown
|
||
|
https://unitedstates2.ss.wd.microsoft.us/
|
unknown
|
||
|
https://unitedstates4.ss.wd.microsoft.us/
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdf;g
|
unknown
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfindows
|
unknown
|
||
|
https://clients2.googleusercontent.com/crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx
|
142.251.116.132
|
||
|
https://www.docusign.com/sites/default/files/Signature_Appliance_Client_Guide_8.0.pdfyg
|
unknown
|
||
|
https://drive-daily-3.corp.google.com/
|
unknown
|
There are 30 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ygiqycocskiqysoa.xyz
|
31.192.232.92
|
|
|
|
ggeymcaisciikucq.xyz
|
unknown
|
|
|
|
oekcaayquakwwqwi.xyz
|
unknown
|
|
|
|
ieoswwckmeemewmy.xyz
|
unknown
|
|
|
|
ygeuymsgukmeweem.xyz
|
unknown
|
|
|
|
seqqwggqsemmyimy.xyz
|
unknown
|
|
|
|
kqsceuqymuaaosco.xyz
|
unknown
|
|
|
|
akmmuquowosgmiue.xyz
|
unknown
|
|
|
|
ygqioyewaiccqsqc.xyz
|
unknown
|
|
|
|
qoqaweeogkyaiswa.xyz
|
unknown
|
|
|
|
kecuqqqsemwamwsw.xyz
|
unknown
|
|
|
|
cscysgmyqwwaowci.xyz
|
unknown
|
|
|
|
qaakgeqyogueswum.xyz
|
unknown
|
|
|
|
eiekaqqkoeaqcgum.xyz
|
unknown
|
|
|
|
wcuasoysicymswkc.xyz
|
unknown
|
|
|
|
osyikikusucsyaqa.xyz
|
unknown
|
|
|
|
uckeiuwquaogckyk.xyz
|
unknown
|
|
|
|
uouaeyiicyseqqkw.xyz
|
unknown
|
|
|
|
ywasiycyekeagiwi.xyz
|
unknown
|
|
|
|
qcgkccgikkaekkae.xyz
|
unknown
|
|
|
|
kigkimcciaqseumg.xyz
|
unknown
|
|
|
|
gocsgmiasiwiaauq.xyz
|
unknown
|
|
|
|
iguawiaomooigmsk.xyz
|
unknown
|
|
|
|
gocemmguaiscecsc.xyz
|
unknown
|
|
|
|
ismiwomqqasuocaq.xyz
|
unknown
|
|
|
|
ggusoyqqicokiysm.xyz
|
unknown
|
|
|
|
awuokyeekkcyscye.xyz
|
unknown
|
|
|
|
sasieowggsmysyko.xyz
|
unknown
|
|
|
|
gamcokgkmqacouym.xyz
|
unknown
|
|
|
|
eesoasewgmeceeuq.xyz
|
unknown
|
|
|
|
eikciewqyqgacaug.xyz
|
unknown
|
|
|
|
aqsqmuskqokygayi.xyz
|
unknown
|
|
|
|
ysquawceumwmmeim.xyz
|
unknown
|
|
|
|
oswcgkiymwoeogsi.xyz
|
unknown
|
|
|
|
auookyqyokigeemw.xyz
|
unknown
|
|
|
|
iesmsqoaaoeoiuke.xyz
|
unknown
|
|
|
|
uouuacqaiqyoyioo.xyz
|
unknown
|
|
|
|
sukwukqascoqcmse.xyz
|
unknown
|
|
|
|
wsmyawqeqguacwas.xyz
|
unknown
|
|
|
|
aqwacqooyiwygyoc.xyz
|
unknown
|
|
|
|
sayaqiwyksykoyym.xyz
|
unknown
|
|
|
|
yyouqumykugegqeu.xyz
|
unknown
|
|
|
|
imsacesgwqycguoe.xyz
|
unknown
|
|
|
|
gceusqyeiukamwou.xyz
|
unknown
|
|
|
|
cyqoqgwsucyseqac.xyz
|
unknown
|
|
|
|
muweekgyssqoaeog.xyz
|
unknown
|
|
|
|
wcqgcyikokiakagc.xyz
|
unknown
|
|
|
|
cykgucwkesokooyw.xyz
|
unknown
|
|
|
|
wmyqoeegwkseemga.xyz
|
unknown
|
|
|
|
miegccyqsosukecs.xyz
|
unknown
|
|
|
|
kcugkqiiyawauowc.xyz
|
unknown
|
|
|
|
maeuwkkcgimmgcoq.xyz
|
unknown
|
|
|
|
wgssaogcsscmkswu.xyz
|
unknown
|
|
|
|
ucygwcsmoasukyuc.xyz
|
unknown
|
|
|
|
ggqiuaoaysmggioi.xyz
|
unknown
|
|
|
|
coyomsqoekmuseyq.xyz
|
unknown
|
|
|
|
queogacswqgooqmi.xyz
|
unknown
|
|
|
|
acksyoaeuccmoaic.xyz
|
unknown
|
|
|
|
qwowwoeuamyesawg.xyz
|
unknown
|
|
|
|
uwcuoomugqqkyogo.xyz
|
unknown
|
|
|
|
myesqeiamkcqwagq.xyz
|
unknown
|
|
|
|
sggqysiuwgcemgcq.xyz
|
unknown
|
|
|
|
ggwsywciiqwmwcuk.xyz
|
unknown
|
|
|
|
iqemqmegqycwqcyk.xyz
|
unknown
|
|
|
|
gccusuegqysiiuse.xyz
|
unknown
|
|
|
|
gmmacaiigwcscggs.xyz
|
unknown
|
|
|
|
oeccwomewsuiickw.xyz
|
unknown
|
|
|
|
mueuwcqsioowsmce.xyz
|
unknown
|
|
|
|
mmisquwegymayaee.xyz
|
unknown
|
|
|
|
qwsoiiyiugowugyq.xyz
|
unknown
|
|
|
|
ismkeauoisusogmu.xyz
|
unknown
|
|
|
|
ekmemiuwmgewmqmq.xyz
|
unknown
|
|
|
|
casgiagamkwmaiim.xyz
|
unknown
|
|
|
|
qcwaiaiqiwcakawa.xyz
|
unknown
|
|
|
|
wgiqkyyswqekogmk.xyz
|
unknown
|
|
|
|
kikosgmouyswygca.xyz
|
unknown
|
|
|
|
muwegkamikcmyiay.xyz
|
unknown
|
|
|
|
aiewakuswoecyiii.xyz
|
unknown
|
|
|
|
kkuuagakcmsweqci.xyz
|
unknown
|
|
|
|
uoqeyyoasyuqisks.xyz
|
unknown
|
|
|
|
iqegskoueamywuem.xyz
|
unknown
|
|
|
|
wageoquamwgauucu.xyz
|
unknown
|
|
|
|
eiuguewususawake.xyz
|
unknown
|
|
|
|
moeqagyeuwegeaqu.xyz
|
unknown
|
|
|
|
ossgmuswcekggagy.xyz
|
unknown
|
|
|
|
wieyiiycgiuqmwsw.xyz
|
unknown
|
|
|
|
uqeqcmosioeeuymu.xyz
|
unknown
|
|
|
|
ekwimeeskgocsuui.xyz
|
unknown
|
|
|
|
oewkmsgwomookews.xyz
|
unknown
|
|
|
|
mgqcyyiyyiqsukys.xyz
|
unknown
|
|
|
|
cawmiwcamgwowuga.xyz
|
unknown
|
|
|
|
imwcgaksigwguiea.xyz
|
unknown
|
|
|
|
aciusmowqwaaeake.xyz
|
unknown
|
|
|
|
qugeewukcsgkcgqk.xyz
|
unknown
|
|
|
|
ueuumyeqmsmymuym.xyz
|
unknown
|
|
|
|
msccauykiukqesci.xyz
|
unknown
|
|
|
|
wmgoyusqoacscaym.xyz
|
unknown
|
|
|
|
chrome.cloudflare-dns.com
|
172.64.41.3
|
||
|
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
|
94.245.104.56
|
||
|
sni1gl.wpc.nucdn.net
|
152.199.21.175
|
There are 90 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
31.192.232.92
|
ygiqycocskiqysoa.xyz
|
Russian Federation
|
|
|
|
20.25.227.174
|
unknown
|
United States
|
||
|
23.218.232.186
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
162.159.61.3
|
unknown
|
United States
|
||
|
172.64.41.3
|
chrome.cloudflare-dns.com
|
United States
|
||
|
142.251.116.132
|
unknown
|
United States
|
||
|
13.107.246.57
|
unknown
|
United States
|
||
|
94.245.104.56
|
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
|
United Kingdom
|
||
|
23.47.194.88
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
23.198.7.179
|
unknown
|
United States
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
freseenversion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
freseen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
|
is_dse_recommended
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
|
is_startup_page_recommended
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197752
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dgiklkfkllikcanfonkcabmbdfmgleag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
fikbjbembnmfhppjfnmfkahdhfohhjmg
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
iglcjdemknebjbklcgkfaebgojjphkec
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ihmafllikibpmigkcoadcmckbfhibefp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jdiccldimpdaibmpdkjnbmckianbfold
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ncbjelpjchkpbikbpkcchkhkblodoama
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dgiklkfkllikcanfonkcabmbdfmgleag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
fikbjbembnmfhppjfnmfkahdhfohhjmg
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ghbmnnjooekpmoecnnnilnnbdlolhkhi
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
iglcjdemknebjbklcgkfaebgojjphkec
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ihmafllikibpmigkcoadcmckbfhibefp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jdiccldimpdaibmpdkjnbmckianbfold
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jmjflgjpcpepeafmmgdpfkogkghcpiha
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ncbjelpjchkpbikbpkcchkhkblodoama
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.account_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.last_username
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.last_account_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
lastrun
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197752
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197752
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197752
|
WindowTabManagerFileMappingId
|
There are 55 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29B0000
|
heap
|
page read and write
|
||
|
4A7F000
|
stack
|
page read and write
|
||
|
26D8000
|
heap
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
26FA000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
263F000
|
stack
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
26FC000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
96A000
|
heap
|
page read and write
|
||
|
2709000
|
heap
|
page read and write
|
||
|
2E3000
|
unkown
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
4BBF000
|
stack
|
page read and write
|
||
|
2ED000
|
unkown
|
page read and write
|
||
|
243C000
|
stack
|
page read and write
|
||
|
27EF000
|
stack
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
2708000
|
heap
|
page read and write
|
||
|
1BB000
|
stack
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
29DD000
|
heap
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
4E3C000
|
stack
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
2FC7000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
26AB000
|
stack
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
36E000
|
unkown
|
page readonly
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
26FA000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
247C000
|
stack
|
page read and write
|
||
|
2708000
|
heap
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
151000
|
unkown
|
page execute read
|
||
|
2FD8000
|
heap
|
page read and write
|
||
|
2CE000
|
unkown
|
page readonly
|
||
|
2F2000
|
unkown
|
page readonly
|
||
|
43E0000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
||
|
2E1000
|
unkown
|
page write copy
|
||
|
150000
|
unkown
|
page readonly
|
||
|
2CE000
|
unkown
|
page readonly
|
||
|
150000
|
unkown
|
page readonly
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
242F000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
||
|
26FA000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
2709000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
4D3C000
|
stack
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
2708000
|
heap
|
page read and write
|
||
|
272D000
|
heap
|
page read and write
|
||
|
2BBD000
|
stack
|
page read and write
|
||
|
77F000
|
unkown
|
page read and write
|
||
|
56E000
|
unkown
|
page read and write
|
||
|
26F3000
|
heap
|
page read and write
|
||
|
26F3000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
151000
|
unkown
|
page execute read
|
||
|
2E1000
|
unkown
|
page write copy
|
||
|
2892000
|
heap
|
page read and write
|
||
|
2F2000
|
unkown
|
page readonly
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
26F3000
|
heap
|
page read and write
|
||
|
4CFF000
|
stack
|
page read and write
|
||
|
2AEC000
|
heap
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
26FA000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
271B000
|
heap
|
page read and write
|
||
|
59B000
|
stack
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
289A000
|
heap
|
page read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
26F3000
|
heap
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
36E000
|
unkown
|
page readonly
|
||
|
900000
|
heap
|
page read and write
|
||
|
439E000
|
stack
|
page read and write
|
||
|
2896000
|
heap
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
||
|
248D000
|
stack
|
page read and write
|
||
|
2708000
|
heap
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
29BB000
|
heap
|
page read and write
|
||
|
151000
|
unkown
|
page execute read
|
||
|
979000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
There are 114 hidden memdumps, click here to show them.