Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

file.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\ProgramData\DAAAFBKE

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10

dropped

C:\ProgramData\EGHJKFHJJJKJJJJKEHCBGCGDAF

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\FIDGDAKF

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\GCFCFCGCGIEHIECAFCFIJJKKFH

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\HJJKJJDHCGCAECAAECFH

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\JDAKJDAAFBKFHIEBFCFB

ASCII text, with very long lines (1717), with CRLF line terminators

dropped

C:\ProgramData\KEHCAFHIJECGCAKFCGDB

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\chrome.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\36eb5cd6-08e2-43c4-9f1f-e1d8c279b7d5.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\517eb8fc-8d23-492e-b2b0-da921c65c488.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\da6f519f-6cc4-4fd8-bd31-22ffa0c76eda.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6720F0D7-1FE0.pma

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2a9e5e16-056d-4585-8761-262e17efc232.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\338e2d6a-f86c-405c-b3bd-ce7538f18197.tmp

ASCII text, with very long lines (17185), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\66fbc10e-7638-4c79-bd04-58947678a0d1.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\823a9633-a1b2-4c09-8201-695b33827f72.tmp

ASCII text, with very long lines (17185), with no line terminators

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico (copy)

MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

ASCII text, with very long lines (1597), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\05b0c3ee-961e-4c7f-a200-2361f7f20499.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4f767783-db2b-40f1-a2d4-1edaa3695256.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\51175d88-02ac-487a-b9fb-d93c2fbd9693.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6c562d4b-80c2-4a52-9914-56f2034be515.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7b2ac48a-2c05-45f1-ab86-237dfe0fdd42.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF45679.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4f401.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 9

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3e36c.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3f3c7.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d012e241-8005-486a-9f24-9acc7e2df61d.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fc93f198-855c-4a51-a04a-a5a1a5970684.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41a79.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF466b5.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4dbf5.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF41a79.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF44a92.TMP (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374685658351557

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\92c332df-44f7-4e0c-80cc-43c85312ef24.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9597ade9-bedc-443f-a4d0-c446dd12b84e.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9899937c-ab92-4a78-8cdb-afcbbbdae296.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9f1c998f-6737-4e37-8c47-94d2346ea45b.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF45688.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3f3c7.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e37513d7-5137-4924-8854-c9060ce67461.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\acfd1c92-3017-4e4d-9fb2-b0279ecac110.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

ASCII text, with very long lines (3951), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c202696f-a921-4d1c-8a9c-33bce01a6c34.tmp

ASCII text, with very long lines (17020), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c3406150-1cab-4cca-affd-1c5f2138eda9.tmp

ASCII text, with very long lines (1597), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cf66260f-e62d-4522-b6ac-76a696513a49.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f0d9fea9-bb46-4985-a64c-f9b7865e8694.tmp

MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fa9b0465-6891-471e-8457-3fec9396a71c.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

SQLite Write-Ahead Log, version 3007000

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c90e.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c92d.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

raw G3 (Group 3) FAX, byte-padded

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\scoped_dir8160_1091630975\LICENSE

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\scoped_dir8160_1091630975\Ruleset Data

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b326bdfc-cf73-4f84-9a1f-4ae0cfe7ba7c.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\03156ecf-82d7-481b-9f8b-4855e582a765.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\1b27a12a-058e-44bd-be96-cc00c5bd9be7.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\ac5344bc-c87d-4627-b42b-90a9b5d0a926.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902

dropped

C:\Users\user\AppData\Local\Temp\b059e91c-108f-48b9-80d3-babd63a7880a.tmp

PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\c2f636e4-2d22-48fe-88a6-313881e412a4.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\cv_debug.log

JSON data

dropped

C:\Users\user\AppData\Local\Temp\f694a9db-2d6a-425e-b866-76d8d738fab2.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\fa90a630-1391-40e6-8e8f-f5cad7a39f05.tmp

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_1808305863\1b27a12a-058e-44bd-be96-cc00c5bd9be7.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_1808305863\CRX_INSTALL\_metadata\verified_contents.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_1808305863\CRX_INSTALL\content.js

Unicode text, UTF-8 text, with very long lines (8031), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_1808305863\CRX_INSTALL\content_new.js

Unicode text, UTF-8 text, with very long lines (8604), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_1808305863\CRX_INSTALL\manifest.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\af\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\am\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ar\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\az\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\be\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\bg\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\bn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ca\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\cs\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\cy\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\da\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\de\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\el\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\en\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\en_CA\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\en_GB\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\en_US\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\es\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\es_419\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\et\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\eu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\fa\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\fi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\fil\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\fr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\fr_CA\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\gl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\gu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\hi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\hr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\hu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\hy\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\id\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\is\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\it\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\iw\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ja\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ka\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\kk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\km\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\kn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ko\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\lo\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\lt\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\lv\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ml\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\mn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\mr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ms\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\my\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ne\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\nl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\no\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\pa\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\pl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\pt_BR\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\pt_PT\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ro\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ru\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\si\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\sk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\sl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\sr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\sv\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\sw\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ta\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\te\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\th\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\tr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\uk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\ur\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\vi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\zh_CN\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\zh_HK\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\zh_TW\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_locales\zu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\_metadata\verified_contents.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\dasherSettingSchema.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\manifest.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\offscreendocument.html

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\offscreendocument_main.js

ASCII text, with very long lines (3700)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\page_embed_script.js

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\CRX_INSTALL\service_worker_bin_prod.js

ASCII text, with very long lines (3705)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir8160_230218270\c2f636e4-2d22-48fe-88a6-313881e412a4.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

data

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

data

dropped

Chrome Cache Entry: 434

ASCII text, with very long lines (5162), with no line terminators

downloaded

Chrome Cache Entry: 435

ASCII text, with very long lines (2287)

downloaded

Chrome Cache Entry: 436

ASCII text, with very long lines (821)

downloaded

Chrome Cache Entry: 437

ASCII text

downloaded

Chrome Cache Entry: 438

ASCII text, with very long lines (65531)

downloaded

Chrome Cache Entry: 439

ASCII text, with very long lines (1302)

downloaded

Chrome Cache Entry: 440

SVG Scalable Vector Graphics image

downloaded

There are 268 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2192,i,13559142579569110316,10378971772201908166,262144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=2112,i,12895221458035377936,8170361428842122156,262144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6668 --field-trial-handle=2112,i,12895221458035377936,8170361428842122156,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6904 --field-trial-handle=2112,i,12895221458035377936,8170361428842122156,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7464 --field-trial-handle=2112,i,12895221458035377936,8170361428842122156,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5564 --field-trial-handle=2112,i,12895221458035377936,8170361428842122156,262144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2160,i,4455333709043181034,16278747037617922736,262144 /prefetch:8

There are 2 hidden processes, click here to show them.

URLs

Name

Malicious

http://185.215.113.206/

185.215.113.206

http://185.215.113.206/746f34465cf17784/freebl3.dll

185.215.113.206

http://185.215.113.206/746f34465cf17784/mozglue.dll

185.215.113.206

https://buymyshit.moneygrubbingwhore.com/

unknown

https://www.g4mz.com/

unknown

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730212066100&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true

20.42.65.94

https://t.hrtyj.com/

unknown

https://www.amarotic.com/

unknown

https://easylist.to/)

unknown

https://deff.nelreports.net/api/report?cat=msn

unknown

https://mypatriotsupply.com/

unknown

https://c.msn.com/c.gif?rnd=1730212066102&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=37ecba0705714c7ca36a2ae26a51b615&activityId=37ecba0705714c7ca36a2ae26a51b615&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0

20.125.209.212

https://docs.google.com/

unknown

https://www.gotporn.com/click.php?id=

unknown

https://sb.scorecardresearch.com/b2?rn=1730212066102&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=332D7C0E6DDC69643E2069296C7D689D&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null

18.245.113.126

20.42.65.94

https://bogged.finance/

unknown

https://tracking.gitads.io/

unknown

https://t.adating.link/

unknown

https://www.mrskin.com/account/

unknown

http://redirect.viglink.com

unknown

https://vlnk.me/

unknown

https://beap.gemini.yahoo.com/mbclk?

unknown

http://www.rpg.net/ads/

unknown

http://www.dhgate.com/

unknown

https://www.amazon.

unknown

https://www.appliedenergysystems.com/stakes/

unknown

https://myusenet.xyz/

unknown

https://go.thn.li/

unknown

https://tinyurl.com/

unknown

https://www.roaradventures.com/

unknown

https://h5.whalefin.com/landing2/

unknown

https://drive-daily-2.corp.google.com/

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi

unknown

https://tracking.trackcasino.co/

unknown

https://trf.bannerator.com/

unknown

https://unitedstates1.ss.wd.microsoft.us/

unknown

https://t.grtyi.com/

unknown

http://185.215.113.206/746f34465cf17784/mozglue.dllM

unknown

http://totsantcugat.info/wp-content/video.php

unknown

http://185.215.113.206/746f34465cf17784/mozglue.dllQ

unknown

http://ad.yieldmanager.com/

unknown

https://www.ecosia.org/newtab/

unknown

https://drive-daily-5.corp.google.com/

unknown

https://traffdaq.com/

unknown

https://tour.mrskin.com/

unknown

https://www.bleepingcomputer.com/go/

unknown

http://l-13.org/

unknown

https://freehdinterracialporn.in/

unknown

http://www.adpeepshosted.com/adpeeps.php?

unknown

http://www.reimageplus.com/

unknown

https://gen4ever.com/

unknown

https://chrome.google.com/webstore/

unknown

https://go.stormgain.com/

unknown

https://wantopticalfreelance.com/

unknown

https://secure.bstlnk.com/

unknown

https://track.trkinator.com/

unknown

http://185.215.113.206/6c4adf523b719729.phpne

unknown

https://recall-email.onelink.me/

unknown

https://track.52zxzh.com/

unknown

https://offer.alibaba.com/

unknown

https://ptapjmp.com/

unknown

http://www.danhotels.com/JerusalemHotels/?utm_

unknown

https://mk-ads.com/

unknown

https://transfer.xe.com/signup/track/redirect?

unknown

https://camsfinders.com/

unknown

https://docs.rs/getrandom#nodejs-es-module-support

unknown

https://www.saltycams.com

unknown

https://thechillipadi.com/

unknown

https://www.sugarinstant.com/?partner_id=

unknown

https://gadlt.nl/

unknown

https://www.rizik.com.bd/

unknown

https://ntp.msn.com

unknown

https://qwa.qwant.com/ck.php

unknown

http://www.tkqlhce.com/

unknown

https://track.healthtrader.com/

unknown

https://www.pcbway.com/

unknown

https://www.vultr.com/

unknown

http://www.grainesdecannabis.fr/

unknown

http://185.215.113.206/746f34465cf17784/nss3.dllll-

unknown

http://185.215.113.206/746f34465cf17784/vcruntime140.dll/y

unknown

https://s.zlink2.com/

unknown

https://www.mrporngeek.com/

unknown

http://185.215.113.206/746f34465cf17784/nss3.dllll1

unknown

http://185.215.113.206/6c4adf523b719729.php641bc1c3c300cfLt(

unknown

http://refer.ccbill.com/cgi-bin/clicks.cgi?

unknown

https://www.elitepvpers.com/123/

unknown

https://walletinvestor.com/u/gnrATE

unknown

https://rajabets.com/

unknown

https://click.linksynergy.com/

unknown

https://www.firstload.com/affiliate/

unknown

http://ads.depositfiles.com/

unknown

https://www.nsbinsures.com/

unknown

https://www.camsoda.com/enter.php?id=

unknown

https://meet-to-fuck.com/tds

unknown

https://secure.starsaffiliateclub.com/C.ashx?

unknown

http://macpaw.7eer.net/

unknown

https://www.clicktraceclick.com/

unknown

https://www.eneba.com/

unknown

http://www.adult-empire.com/rs.php?

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

chrome.cloudflare-dns.com

172.64.41.3

plus.l.google.com

216.58.212.174

play.google.com

216.58.206.46

s-part-0017.t-0009.t-msedge.net

13.107.246.45

sb.scorecardresearch.com

18.244.18.38

www.google.com

172.217.18.100

googlehosted.l.googleusercontent.com

172.217.16.193

sni1gl.wpc.nucdn.net

152.199.21.175

clients2.googleusercontent.com

unknown

bzib.nelreports.net

unknown

assets.msn.com

unknown

c.msn.com

unknown

ntp.msn.com

unknown

apis.google.com

unknown

api.msn.com

unknown

There are 5 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

192.168.2.6

unknown

185.215.113.206

unknown

Portugal

23.198.7.184

unknown

United States

23.198.7.183

unknown

United States

23.96.180.189

unknown

United States

152.195.19.97

unknown

United States

23.47.194.83

unknown

United States

192.168.2.8

unknown

18.245.113.126

unknown

United States

20.125.209.212

unknown

United States

162.159.61.3

unknown

United States

216.58.212.174

plus.l.google.com

United States

204.79.197.219

unknown

United States

172.64.41.3

chrome.cloudflare-dns.com

United States

23.221.22.173

unknown

United States

13.107.246.57

unknown

United States

20.42.65.94

unknown

United States

18.244.18.38

sb.scorecardresearch.com

United States

216.58.206.46

play.google.com

United States

239.255.255.250

unknown

Reserved

172.217.16.193

googlehosted.l.googleusercontent.com

United States

127.0.0.1

unknown

172.217.18.100

www.google.com

United States

There are 13 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB

Left

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB

Top

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

freseenversion

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

freseen

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults

is_dse_recommended

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults

is_startup_page_recommended

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197728

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahokoikenoafgppiblgpenaaaolecifn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bhmhibnbialendcafinliemndanacfaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bobbggphonhgdonfdibkfipfepfcildj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ceaifoolopnigfpidlheoagpheiplgii

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

cjneempfhkonkkbcmnfdibgobmhbagaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dabfebgaghanlbehmkmaflipiohdimmc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dcaajljecejllikfgbhjdgeognacjkkp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dmbljphlfghcnbohaoffiedmodfmkmol

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ehlmnljdoejdahfjdfobmpfancoibmig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

eijpepilkjkofamihbmjcnihgpbebafj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

enkoeamdnimieoooocohgbdajhhkajko

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fjngpfnaikknjdhkckmncgicobbkcnle

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbihlnbpmfkodghomcinpblknjhneknc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbmoeijgfngecijpcnbooedokgafmmji

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gecfnmoodchdkebjjffmdcmeghkflpib

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gekagaaiohabmaknhkbaofhhedhelemf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghglcnachgghkhbafjogogiggghcpjig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hciemgmhplhpinoohcjpafmncmjapioh

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hloomjjkinpbjldhobfkfdamkmikjmdo

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hmlhageoffiiefnmojcgoagebofoifpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jbleckejnaboogigodiafflhkajdmpcl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jlipacegilfgfpgkefbjcncbfcoeecgj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jmjflgjpcpepeafmmgdpfkogkghcpiha

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jpfjdekhebcolnfkpicpciaknbgcdcbm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kfihiegbjaloebkmglnjnljoljgkkchm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

khffkadolmfbdgahbabbhipadklfmhgf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kjncpkplfnolibapodobnnjfgmjmiaba

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kkobcodijbdelbnhbfkkfncbeildnpie

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kmojgmpmopiiagdfbilgognmlegkonbk

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkbndigcebkoaejohleckhekfmcecfja

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nnpnekncnhiglbokoiffmejlimgmgoam

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ofefcgjbeghpigppfmkologfjadafddi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olkdlefmaniacnmgofabnpmomgcpdaip

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olmhchkiafniffcaiciiomfdplnmklak

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

pencekojiebcjhifbkfdncgmmooepclc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ppnnjfpaneghjbcepgedmlcgmfgkjhah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds

EdgeMUID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default

MUID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahokoikenoafgppiblgpenaaaolecifn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bhmhibnbialendcafinliemndanacfaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bobbggphonhgdonfdibkfipfepfcildj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ceaifoolopnigfpidlheoagpheiplgii

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

cjneempfhkonkkbcmnfdibgobmhbagaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dabfebgaghanlbehmkmaflipiohdimmc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dcaajljecejllikfgbhjdgeognacjkkp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dmbljphlfghcnbohaoffiedmodfmkmol

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ehlmnljdoejdahfjdfobmpfancoibmig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

eijpepilkjkofamihbmjcnihgpbebafj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

enkoeamdnimieoooocohgbdajhhkajko

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fjngpfnaikknjdhkckmncgicobbkcnle

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbihlnbpmfkodghomcinpblknjhneknc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbmoeijgfngecijpcnbooedokgafmmji

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gecfnmoodchdkebjjffmdcmeghkflpib

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gekagaaiohabmaknhkbaofhhedhelemf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghglcnachgghkhbafjogogiggghcpjig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hciemgmhplhpinoohcjpafmncmjapioh

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hloomjjkinpbjldhobfkfdamkmikjmdo

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hmlhageoffiiefnmojcgoagebofoifpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jbleckejnaboogigodiafflhkajdmpcl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jlipacegilfgfpgkefbjcncbfcoeecgj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jmjflgjpcpepeafmmgdpfkogkghcpiha

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jpfjdekhebcolnfkpicpciaknbgcdcbm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kfihiegbjaloebkmglnjnljoljgkkchm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

khffkadolmfbdgahbabbhipadklfmhgf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kjncpkplfnolibapodobnnjfgmjmiaba

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kkobcodijbdelbnhbfkkfncbeildnpie

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kmojgmpmopiiagdfbilgognmlegkonbk

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkbndigcebkoaejohleckhekfmcecfja

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nnpnekncnhiglbokoiffmejlimgmgoam

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ofefcgjbeghpigppfmkologfjadafddi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olkdlefmaniacnmgofabnpmomgcpdaip

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olmhchkiafniffcaiciiomfdplnmklak

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

pencekojiebcjhifbkfdncgmmooepclc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ppnnjfpaneghjbcepgedmlcgmfgkjhah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

metricsid

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

metricsid_installdate

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

media.cdm.origin_data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.account_id

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.last_username

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.last_account_id

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

GlobalAssocChangedCounter

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

lastrun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

0018000DDABBE6B3

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}

DeviceTicket

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197728

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197728

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197728

WindowTabManagerFileMappingId

There are 133 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

171000

unkown

page execute and read and write

F0E000

heap

page read and write

4C20000

direct allocation

page read and write

6FCE1000

unkown

page execute read

1D383000

heap

page read and write

6FCE0000

unkown

page readonly

E04000

heap

page read and write

6CCB0000

unkown

page read and write

DF0000

direct allocation

page read and write

1D391000

heap

page read and write

1D385000

heap

page read and write

1D37F000

heap

page read and write

47A1000

heap

page read and write

2370B000

heap

page read and write

415F000

stack

page read and write

F8E000

heap

page read and write

23703000

heap

page read and write

375F000

stack

page read and write

FC9000

heap

page read and write

E04000

heap

page read and write

465F000

stack

page read and write

47A1000

heap

page read and write

6FD5D000

unkown

page readonly

47A1000

heap

page read and write

FD7000

heap

page read and write

1D39B000

heap

page read and write

1D39B000

heap

page read and write

1D383000

heap

page read and write

47A1000

heap

page read and write

1D385000

heap

page read and write

1D3A0000

heap

page read and write

1D397000

heap

page read and write

1D393000

heap

page read and write

47A1000

heap

page read and write

2A50000

heap

page read and write

E04000

heap

page read and write

47A1000

heap

page read and write

DF0000

direct allocation

page read and write

715000

unkown

page execute and write copy

47A1000

heap

page read and write

2E9F000

stack

page read and write

1D3A0000

heap

page read and write

F0A000

heap

page read and write

361F000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

2A1E000

stack

page read and write

6CCE0000

unkown

page readonly

47A1000

heap

page read and write

6CD87000

unkown

page read and write

1D474000

heap

page read and write

2DE000

unkown

page execute and read and write

1CCDE000

stack

page read and write

E04000

heap

page read and write

1D3A0000

heap

page read and write

236F3000

heap

page read and write

23441000

heap

page read and write

1D391000

heap

page read and write

1D383000

heap

page read and write

3D9F000

stack

page read and write

DF0000

direct allocation

page read and write

2A40000

direct allocation

page execute and read and write

1D36A000

heap

page read and write

61ECD000

direct allocation

page readonly

2D9E000

stack

page read and write

2345A000

heap

page read and write

419E000

stack

page read and write

47A1000

heap

page read and write

1D380000

heap

page read and write

47A1000

heap

page read and write

23462000

heap

page read and write

2A30000

heap

page read and write

4C4B000

direct allocation

page read and write

E04000

heap

page read and write

47A1000

heap

page read and write

E04000

heap

page read and write

714000

unkown

page execute and write copy

1D386000

heap

page read and write

1D391000

heap

page read and write

E00000

heap

page read and write

19C000

unkown

page execute and read and write

2355E000

stack

page read and write

CF2000

stack

page read and write

4D60000

direct allocation

page execute and read and write

47A1000

heap

page read and write

34DF000

stack

page read and write

405E000

stack

page read and write

23400000

heap

page read and write

1D362000

heap

page read and write

E04000

heap

page read and write

23660000

trusted library allocation

page read and write

E04000

heap

page read and write

5EE000

unkown

page execute and read and write

1D377000

heap

page read and write

1D397000

heap

page read and write

1D377000

heap

page read and write

2A5B000

heap

page read and write

389F000

stack

page read and write

48A0000

trusted library allocation

page read and write

DF0000

direct allocation

page read and write

1D384000

heap

page read and write

1D3A0000

heap

page read and write

38DE000

stack

page read and write

1D37F000

heap

page read and write

1D384000

heap

page read and write

1D383000

heap

page read and write

1D36A000

heap

page read and write

47A1000

heap

page read and write

EE0000

direct allocation

page read and write

6CCE1000

unkown

page execute read

6FC000

unkown

page execute and read and write

1D391000

heap

page read and write

E04000

heap

page read and write

43DF000

stack

page read and write

1D369000

heap

page read and write

FC5000

heap

page read and write

DF0000

direct allocation

page read and write

47A1000

heap

page read and write

ECE000

stack

page read and write

95C000

stack

page read and write

1D356000

heap

page read and write

47A1000

heap

page read and write

DF0000

direct allocation

page read and write

2365E000

stack

page read and write

1D384000

heap

page read and write

4D5F000

stack

page read and write

EE0000

direct allocation

page read and write

3F1E000

stack

page read and write

47A1000

heap

page read and write

1D384000

heap

page read and write

3DDE000

stack

page read and write

379E000

stack

page read and write

1D397000

heap

page read and write

EF0000

direct allocation

page execute and read and write

351E000

stack

page read and write

479F000

stack

page read and write

47A1000

heap

page read and write

9B0000

heap

page read and write

E04000

heap

page read and write

1D383000

heap

page read and write

317000

unkown

page execute and read and write

E04000

heap

page read and write

2B5F000

stack

page read and write

DF0000

direct allocation

page read and write

1D377000

heap

page read and write

2C5F000

stack

page read and write

1D3A0000

heap

page read and write

1CDDE000

stack

page read and write

E04000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

11FF000

stack

page read and write

23454000

heap

page read and write

2EDE000

stack

page read and write

61E00000

direct allocation

page execute and read and write

DF0000

direct allocation

page read and write

FF2000

heap

page read and write

1D36A000

heap

page read and write

3B1F000

stack

page read and write

301E000

stack

page read and write

E04000

heap

page read and write

1D36A000

heap

page read and write

F54000

heap

page read and write

170000

unkown

page read and write

2A40000

direct allocation

page execute and read and write

6CC6F000

unkown

page readonly

1D379000

heap

page read and write

E04000

heap

page read and write

61ED0000

direct allocation

page read and write

1D378000

heap

page read and write

47A1000

heap

page read and write

1CE2E000

stack

page read and write

47A1000

heap

page read and write

1D391000

heap

page read and write

1D34D000

stack

page read and write

1D350000

heap

page read and write

1D3A0000

heap

page read and write

1D369000

heap

page read and write

E04000

heap

page read and write

E4E000

stack

page read and write

2A40000

direct allocation

page execute and read and write

47A1000

heap

page read and write

2A30000

direct allocation

page execute and read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

1D391000

heap

page read and write

47A1000

heap

page read and write

1CF6D000

stack

page read and write

DF0000

direct allocation

page read and write

23451000

heap

page read and write

1D361000

heap

page read and write

1D387000

heap

page read and write

3C5F000

stack

page read and write

1D37A000

heap

page read and write

23701000

heap

page read and write

DE0000

heap

page read and write

311F000

stack

page read and write

2A5E000

heap

page read and write

FE4000

heap

page read and write

1CC9F000

stack

page read and write

1CF2F000

stack

page read and write

1D39D000

heap

page read and write

DF0000

direct allocation

page read and write

1D397000

heap

page read and write

29DC000

stack

page read and write

1D0AE000

stack

page read and write

F91000

heap

page read and write

2346B000

heap

page read and write

315E000

stack

page read and write

1D384000

heap

page read and write

1D361000

heap

page read and write

1D3A0000

heap

page read and write

1D3A0000

heap

page read and write

CF8000

stack

page read and write

233E0000

heap

page read and write

1CA5E000

stack

page read and write

47A1000

heap

page read and write

1D3A0000

heap

page read and write

47A1000

heap

page read and write

6CAD0000

unkown

page readonly

1D391000

heap

page read and write

236FB000

heap

page read and write

365E000

stack

page read and write

E04000

heap

page read and write

1CB9E000

stack

page read and write

256000

unkown

page execute and read and write

E8E000

stack

page read and write

47B0000

heap

page read and write

47A1000

heap

page read and write

429F000

stack

page read and write

3C9E000

stack

page read and write

1D383000

heap

page read and write

9C0000

heap

page read and write

E04000

heap

page read and write

1D470000

trusted library allocation

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

4D70000

direct allocation

page execute and read and write

2FDF000

stack

page read and write

1D384000

heap

page read and write

61ED3000

direct allocation

page read and write

6CAD1000

unkown

page execute read

E04000

heap

page read and write

E04000

heap

page read and write

1D35F000

heap

page read and write

3B8000

unkown

page execute and read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

FD1000

heap

page read and write

E04000

heap

page read and write

1D3A0000

heap

page read and write

2A20000

direct allocation

page execute and read and write

1D39D000

heap

page read and write

1D39A000

heap

page read and write

1CB5F000

stack

page read and write

1D06D000

stack

page read and write

1D387000

heap

page read and write

47A1000

heap

page read and write

23421000

heap

page read and write

47A1000

heap

page read and write

1D393000

heap

page read and write

329E000

stack

page read and write

47A1000

heap

page read and write

469E000

stack

page read and write

6CCAF000

unkown

page write copy

8C1000

unkown

page execute and write copy

47A1000

heap

page read and write

E04000

heap

page read and write

451F000

stack

page read and write

2344F000

heap

page read and write

E04000

heap

page read and write

6FD6E000

unkown

page read and write

E04000

heap

page read and write

1D384000

heap

page read and write

1D36A000

heap

page read and write

339F000

stack

page read and write

284000

unkown

page execute and read and write

6FD72000

unkown

page readonly

39DF000

stack

page read and write

47A1000

heap

page read and write

234E0000

trusted library allocation

page read and write

233E0000

trusted library allocation

page read and write

4D80000

direct allocation

page execute and read and write

2EB000

unkown

page execute and read and write

1D3A0000

heap

page read and write

1D364000

heap

page read and write

47A1000

heap

page read and write

E04000

heap

page read and write

47A1000

heap

page read and write

45A000

unkown

page execute and read and write

F00000

heap

page read and write

DF0000

direct allocation

page read and write

2A57000

heap

page read and write

325F000

stack

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

E04000

heap

page read and write

1D387000

heap

page read and write

E04000

heap

page read and write

6D4000

unkown

page execute and read and write

E04000

heap

page read and write

6CCB5000

unkown

page readonly

1D384000

heap

page read and write

1D37A000

heap

page read and write

42DE000

stack

page read and write

1D383000

heap

page read and write

441E000

stack

page read and write

47A1000

heap

page read and write

2D5F000

stack

page read and write

30B000

unkown

page execute and read and write

1D394000

heap

page read and write

10FE000

stack

page read and write

1D37F000

heap

page read and write

FC5000

heap

page read and write

DF0000

direct allocation

page read and write

E04000

heap

page read and write

47C0000

heap

page read and write

1D3A0000

heap

page read and write

47A1000

heap

page read and write

1D1AC000

stack

page read and write

F5A000

heap

page read and write

47A1000

heap

page read and write

DF0000

direct allocation

page read and write

47A1000

heap

page read and write

234F0000

trusted library allocation

page read and write

47A1000

heap

page read and write

3A1E000

stack

page read and write

F90000

heap

page read and write

1D384000

heap

page read and write

31A000

unkown

page execute and read and write

706000

unkown

page execute and read and write

171000

unkown

page execute and write copy

FDE000

heap

page read and write

47A1000

heap

page read and write

1D3A0000

heap

page read and write

61ED4000

direct allocation

page readonly

1D3A0000

heap

page read and write

47A1000

heap

page read and write

61E01000

direct allocation

page execute read

1D389000

heap

page read and write

1D384000

heap

page read and write

1D391000

heap

page read and write

1D37B000

heap

page read and write

170000

unkown

page readonly

47A1000

heap

page read and write

DF0000

direct allocation

page read and write

E04000

heap

page read and write

1D393000

heap

page read and write

8C0000

unkown

page execute and read and write

1D380000

heap

page read and write

1D37A000

heap

page read and write

1D381000

heap

page read and write

E04000

heap

page read and write

61EB7000

direct allocation

page readonly

47A1000

heap

page read and write

E04000

heap

page read and write

47A1000

heap

page read and write

F6A000

heap

page read and write

F85000

heap

page read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

E04000

heap

page read and write

3B5E000

stack

page read and write

47A1000

heap

page read and write

1D36A000

heap

page read and write

47A1000

heap

page read and write

1D381000

heap

page read and write

6CCAE000

unkown

page read and write

233E0000

trusted library allocation

page read and write

1D37A000

heap

page read and write

1D37F000

heap

page read and write

23466000

heap

page read and write

6CD89000

unkown

page readonly

E04000

heap

page read and write

1D24E000

stack

page read and write

401F000

stack

page read and write

3DE000

unkown

page execute and read and write

E04000

heap

page read and write

2B9000

unkown

page execute and read and write

1D384000

heap

page read and write

E04000

heap

page read and write

47A1000

heap

page read and write

47A0000

heap

page read and write

E04000

heap

page read and write

1D36A000

heap

page read and write

1D37E000

heap

page read and write

33DE000

stack

page read and write

61EB4000

direct allocation

page read and write

47A1000

heap

page read and write

E04000

heap

page read and write

3EDF000

stack

page read and write

61ECC000

direct allocation

page read and write

6CD41000

unkown

page readonly

47A1000

heap

page read and write

455E000

stack

page read and write

234AC000

heap

page read and write

3D8000

unkown

page execute and read and write

47A1000

heap

page read and write

47A1000

heap

page read and write

1D37E000

heap

page read and write

FC9000

heap

page read and write

47A1000

heap

page read and write

CFD000

stack

page read and write

4C5C000

stack

page read and write

FCC000

heap

page read and write

714000

unkown

page execute and read and write

There are 396 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
file.exe