IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsGCBFBGCGIJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BGCFBGDH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\FCFHJKJJJECGDHJJDHDA
ASCII text, with very long lines (1769), with CRLF line terminators
dropped
C:\ProgramData\FHCGHJDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\GDBKKFHIEGDHJKECAAKKEBAFIJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GIIEGHIDBGHIECAAECGD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\HIEHDAFHDHCBFIDGCFIDGHJDGD
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KKEHDBAEGIIIEBGCAAFH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0becdd9a-040b-4e78-a618-f300a3a651f2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0cb30536-f77f-4e80-9a36-adc4fc8619ab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2854fdac-abd6-4873-a314-9cd26ba594f6.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3adb9694-34ee-4301-b686-d63b3ea1cbde.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3ffb03fc-3f11-4a5d-b71b-293da38d3440.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\141fd88f-cdb2-481c-b29f-a5c56e7df070.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E5477-1B20.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673E5477-1F2C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\51d66606-ee86-40ae-b58b-5b9e970f1fe5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\546244da-0211-44e9-9a5e-82caac683706.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\68bf3520-1c88-4cb6-9ae6-416e1d946332.tmp
Unicode text, UTF-8 text, with very long lines (17282), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8639ba30-dd64-4245-b0a9-3de55cd76dc3.tmp
Unicode text, UTF-8 text, with very long lines (17117), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\93150748-1a34-49e1-b3f3-c24bdf607249.tmp
Unicode text, UTF-8 text, with very long lines (17282), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\95e5f7bf-2ab9-418f-9e87-ca956e677009.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3b6f47fe-9862-45ff-9d94-6e7980136a65.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9adfd03c-1dc8-4f10-8cb8-896cb87a3eb2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF37281.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF26334.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF278b0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b5ca7c95-6403-4878-9d8b-9b9c725ba205.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\cb28171e-12be-4097-8dff-9ddac42bf091.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d10ad879-e25b-4880-8cf4-e0af73c6c6e9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f074c69f-014b-44cc-b4ec-9159ffd83ee1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2aa11.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2eb31.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF36061.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF29fa1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2e370.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376611706744856
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3e28b629-5f09-4fca-a898-77b7cec6f3da.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\55ed0245-223f-46b6-b33a-138377ba72ff.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\729a002b-4342-47c8-8b84-d517dd5e2586.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF278b0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\cbc4deed-89f1-4007-bc6c-02043132ddd1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ba9ebd1a-7f0c-4e46-97d0-d720767c4407.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d2c56c32-162c-4360-aab6-b856dc8796e0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d8287cdb-1574-4dcb-a06b-626cca8b4557.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24dc8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24e06.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24f6e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF27610.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2b54c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36051.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c13e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\abdb8a4d-d30a-4f73-8633-508a7e5099b3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fe6de255-2446-4741-a54e-8187684c4681.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\210d4dee-87fd-4ae9-8661-ecf0191088ba.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\25d586c6-a64f-4f1d-9727-966941cf0114.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\3c439e75-a91d-4934-a6a4-88cd8a9024f1.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\40392e98-9681-44bd-bcc5-26e48d3d1dc7.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a1fb2531-a8b8-496a-bd7c-9707832af8da.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\a5d8d529-b237-4518-8f80-750027761820.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\fe852e88-e57f-40f8-b978-8b90c48d1be4.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_1657705418\210d4dee-87fd-4ae9-8661-ecf0191088ba.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_1657705418\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_1657705418\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_1657705418\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_1657705418\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\25d586c6-a64f-4f1d-9727-966941cf0114.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir6944_397162566\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 444
ASCII text, with very long lines (5222)
downloaded
Chrome Cache Entry: 445
ASCII text
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2004,i,4550808738951624434,3396110950009088657,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2280,i,4679761206996037597,10384987067001823666,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2008,i,9242084691122634382,6870348634254363273,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6580 --field-trial-handle=2008,i,9242084691122634382,6870348634254363273,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6772 --field-trial-handle=2008,i,9242084691122634382,6870348634254363273,262144 /prefetch:8
malicious
C:\Users\user\DocumentsGCBFBGCGIJ.exe
"C:\Users\user\DocumentsGCBFBGCGIJ.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5716 --field-trial-handle=2008,i,9242084691122634382,6870348634254363273,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGCBFBGCGIJ.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
unknown
https://duckduckgo.com/chrome_newtab
unknown
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllE
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://sb.scorecardresearch.com/
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732138119235&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.227
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://c.msn.com/c.gif?rnd=1732138119238&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=eecc922ded064b33aac1b2e0c7847c2c&activityId=eecc922ded064b33aac1b2e0c7847c2c&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=2138C86C89784A28B6BCD8845DB9A64F&MUID=27F5C03F1FAA650B38E3D5021EB364FD
20.110.205.119
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
216.58.208.228
https://sb.scorecardresearch.com/b2?rn=1732138119238&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=27F5C03F1FAA650B38E3D5021EB364FD&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
108.139.47.108
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
unknown
https://www.deezer.com/
unknown
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732138126588&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.227
https://drive-daily-2.corp.google.com/
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://185.215.113.206/c4becf79229cb002.php0
unknown
https://msn.comXIDv10&
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://drive-daily-5.corp.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732138127367&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.227
http://185.215.113.206/c4becf79229cb002.php5
unknown
http://185.215.113.206/c4becf79229cb002.phptware
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://www.msn.com/web-notification-icon-light.png
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732138125592&w=0&anoncknm=app_anon&NoResponseBody=true
104.46.162.227
https://chromewebstore.google.com/
unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
http://185.215.113.206rontdesk
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://m.kugou.com/
unknown
https://www.office.com
unknown
http://185.215.113.206/c4becf79229cb002.phpa
unknown
https://outlook.live.com/mail/0/
unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
http://185.215.113.16/mine/random.exe
185.215.113.16
http://185.215.113.43/Zu7JuNko/index.phpF
unknown
http://185.215.113.206/c4becf79229cb002.phpi
unknown
https://powerpoint.new?from=EdgeM365Shoreline
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
http://185.215.113.206TIFIER=Intel
unknown
https://tidal.com/
unknown
https://ntp.msn.com
unknown
http://185.215.113.206/c4becf79229cb002.phpx
unknown
https://browser.events.data.msn.cn/
unknown
https://gaana.com/
unknown
https://drive-staging.corp.google.com/
unknown
http://185.215.113.43/Zu7JuNko/index.php3D
unknown
https://outlook.live.com/mail/compose?isExtension=true
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206

Domains

Name
IP
Malicious
mira-tmc.tm-4.office.com
52.123.243.180
chrome.cloudflare-dns.com
162.159.61.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.66
www.google.com
216.58.208.228
googlehosted.l.googleusercontent.com
172.217.19.225
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
api.msn.com
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.7
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
20.1.248.118
unknown
United States
23.200.88.30
unknown
United States
13.107.246.40
unknown
United States
152.195.19.97
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
18.165.220.66
sb.scorecardresearch.com
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
23.44.203.84
unknown
United States
216.58.208.228
www.google.com
United States
20.110.205.119
unknown
United States
104.117.182.27
unknown
United States
204.79.197.219
unknown
United States
23.44.203.86
unknown
United States
172.64.41.3
unknown
United States
108.139.47.108
unknown
United States
52.123.243.180
mira-tmc.tm-4.office.com
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
172.183.192.109
unknown
United States
104.46.162.227
unknown
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197656
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197656
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197656
WindowTabManagerFileMappingId

Memdumps

5740000
direct allocation
page execute and read and write
1DD70000
heap
page read and write
5381000
direct allocation
page read and write
9F0000
direct allocation
page read and write
9F0000
direct allocation
page read and write
1D54E000
stack
page read and write
1DD55000
heap
page read and write
4E70000
direct allocation
page read and write
38CF000
stack
page read and write
FE4000
heap
page read and write
40BF000
stack
page read and write
38CE000
stack
page read and write
23E2B000
heap
page read and write
2F7E000
stack
page read and write
498E000
stack
page read and write
18A6000
heap
page read and write
1DD61000
heap
page read and write
FE4000
heap
page read and write
102E000
stack
page read and write
2F0E000
stack
page read and write
FE4000
heap
page read and write
4B20000
direct allocation
page read and write
368F000
stack
page read and write
6240000
heap
page read and write
1DD3F000
heap
page read and write
6FD000
stack
page read and write
D7C000
unkown
page execute and read and write
5141000
heap
page read and write
1DD33000
heap
page read and write
1380000
heap
page read and write
61FE000
stack
page read and write
420E000
stack
page read and write
394E000
stack
page read and write
1DD70000
heap
page read and write
9F0000
direct allocation
page read and write
42CF000
stack
page read and write
F30000
direct allocation
page read and write
FE4000
heap
page read and write
4EBF000
stack
page read and write
19F0000
direct allocation
page read and write
4DD1000
heap
page read and write
364F000
stack
page read and write
F5E000
heap
page read and write
FE4000
heap
page read and write
490E000
stack
page read and write
FE4000
heap
page read and write
9AE000
stack
page read and write
54E0000
direct allocation
page execute and read and write
4CA0000
direct allocation
page execute and read and write
54A0000
direct allocation
page execute and read and write
53E0000
direct allocation
page execute and read and write
4DFF000
stack
page read and write
AE2000
unkown
page execute and read and write
4B4F000
stack
page read and write
5141000
heap
page read and write
1135000
heap
page read and write
CF5000
unkown
page execute and read and write
4CF0000
direct allocation
page execute and read and write
FE4000
heap
page read and write
2B0F000
stack
page read and write
10CC000
heap
page read and write
3ABF000
stack
page read and write
87B000
heap
page read and write
4FFF000
stack
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
545F000
stack
page read and write
FE4000
heap
page read and write
53E0000
direct allocation
page execute and read and write
333E000
stack
page read and write
1680000
heap
page read and write
8E8000
heap
page read and write
44BE000
stack
page read and write
31B0000
direct allocation
page read and write
FE4000
heap
page read and write
4691000
heap
page read and write
FE4000
heap
page read and write
473F000
stack
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
4F80000
trusted library allocation
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
F50000
heap
page read and write
1DD61000
heap
page read and write
1DD5C000
heap
page read and write
5260000
direct allocation
page read and write
4E81000
heap
page read and write
3B4E000
stack
page read and write
4D7F000
stack
page read and write
3B8F000
stack
page read and write
9F0000
direct allocation
page read and write
E0A000
unkown
page write copy
463E000
stack
page read and write
D8B000
unkown
page execute and write copy
D0B000
unkown
page execute and read and write
3F0E000
stack
page read and write
FE4000
heap
page read and write
536F000
stack
page read and write
433F000
stack
page read and write
54A0000
direct allocation
page execute and read and write
1128000
heap
page read and write
2F3F000
stack
page read and write
10C2000
heap
page read and write
74C0000
heap
page read and write
FE4000
heap
page read and write
418F000
stack
page read and write
61E01000
direct allocation
page execute read
43CE000
stack
page read and write
A00000
unkown
page read and write
112F000
heap
page read and write
39CF000
stack
page read and write
5450000
direct allocation
page execute and read and write
1DD20000
heap
page read and write
2AD21000
heap
page read and write
659F000
stack
page read and write
114C000
heap
page read and write
61ECD000
direct allocation
page readonly
FE4000
heap
page read and write
529E000
stack
page read and write
FE4000
heap
page read and write
623E000
stack
page read and write
FE4000
heap
page read and write
5141000
heap
page read and write
187F000
stack
page read and write
3E0E000
stack
page read and write
314F000
stack
page read and write
1DD3B000
heap
page read and write
8EC0000
heap
page read and write
A80000
unkown
page readonly
FE4000
heap
page read and write
378E000
stack
page read and write
35FE000
stack
page read and write
F1E000
unkown
page execute and read and write
5320000
direct allocation
page read and write
454E000
stack
page read and write
470E000
stack
page read and write
4A0F000
stack
page read and write
1370000
heap
page read and write
D0B000
unkown
page execute and write copy
5470000
direct allocation
page execute and read and write
510E000
stack
page read and write
37FF000
stack
page read and write
4E60000
direct allocation
page execute and read and write
C44000
unkown
page execute and read and write
1860000
heap
page read and write
1690000
heap
page read and write
54F0000
direct allocation
page execute and read and write
6CBF000
stack
page read and write
FE4000
heap
page read and write
10C3000
unkown
page execute and read and write
574E000
stack
page read and write
1DD2F000
heap
page read and write
1DD51000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
53AD000
stack
page read and write
A6B000
unkown
page execute and read and write
3E7E000
stack
page read and write
FE4000
heap
page read and write
676C000
stack
page read and write
4E70000
direct allocation
page read and write
8B5000
heap
page read and write
35BE000
stack
page read and write
125E000
stack
page read and write
400F000
stack
page read and write
1DD55000
heap
page read and write
A80000
unkown
page readonly
D8B000
unkown
page execute and write copy
10C0000
heap
page read and write
32FF000
stack
page read and write
FE4000
heap
page read and write
9F0000
direct allocation
page read and write
5150000
heap
page read and write
350F000
stack
page read and write
1DD54000
heap
page read and write
360F000
stack
page read and write
430F000
stack
page read and write
1AA6000
heap
page read and write
FE4000
heap
page read and write
3D0E000
stack
page read and write
61EB7000
direct allocation
page readonly
FE4000
heap
page read and write
FE4000
heap
page read and write
23DD0000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
33CF000
stack
page read and write
31B0000
direct allocation
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
FE5000
heap
page read and write
9F0000
direct allocation
page read and write
4E10000
direct allocation
page execute and read and write
440E000
stack
page read and write
4E70000
direct allocation
page read and write
1DD5F000
heap
page read and write
FE4000
heap
page read and write
106E000
heap
page read and write
31B0000
direct allocation
page read and write
318E000
stack
page read and write
1A74000
heap
page read and write
5440000
direct allocation
page execute and read and write
478F000
stack
page read and write
5141000
heap
page read and write
649E000
stack
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
31C0000
heap
page read and write
240D6000
heap
page read and write
1DD3C000
heap
page read and write
3B8E000
stack
page read and write
9F0000
heap
page read and write
23DB0000
trusted library allocation
page read and write
494F000
stack
page read and write
112F000
heap
page read and write
1DD49000
heap
page read and write
10A6000
heap
page read and write
D49000
unkown
page execute and read and write
5470000
direct allocation
page execute and read and write
3FFE000
stack
page read and write
A81000
unkown
page execute and write copy
3D8F000
stack
page read and write
1DD22000
heap
page read and write
14BE000
stack
page read and write
5430000
direct allocation
page execute and read and write
111F000
heap
page read and write
5740000
direct allocation
page execute and read and write
180D000
stack
page read and write
23EB0000
trusted library allocation
page read and write
19F0000
direct allocation
page read and write
4691000
heap
page read and write
4C0E000
stack
page read and write
302F000
stack
page read and write
140A000
heap
page read and write
C75000
unkown
page execute and read and write
45FE000
stack
page read and write
2AD1C000
stack
page read and write
AEB000
unkown
page execute and read and write
FE4000
heap
page read and write
49FE000
stack
page read and write
FE4000
heap
page read and write
EEE000
stack
page read and write
19F0000
direct allocation
page read and write
2D8F000
stack
page read and write
FE4000
heap
page read and write
1DD61000
heap
page read and write
4841000
heap
page read and write
390E000
stack
page read and write
53E0000
direct allocation
page execute and read and write
240D1000
heap
page read and write
FE4000
heap
page read and write
468F000
stack
page read and write
5530000
direct allocation
page execute and read and write
FE4000
heap
page read and write
1510000
heap
page read and write
4EFE000
stack
page read and write
FE4000
heap
page read and write
707000
heap
page read and write
1DD3B000
heap
page read and write
FE4000
heap
page read and write
1DD47000
heap
page read and write
4CCE000
stack
page read and write
1DD4E000
heap
page read and write
5520000
direct allocation
page execute and read and write
AE9000
unkown
page write copy
304E000
stack
page read and write
1DD31000
heap
page read and write
23E14000
heap
page read and write
D8C000
unkown
page execute and write copy
FE4000
heap
page read and write
560E000
stack
page read and write
1DD3B000
heap
page read and write
F20000
unkown
page execute and write copy
31B0000
direct allocation
page read and write
1DD4C000
heap
page read and write
FE4000
heap
page read and write
2AD20000
heap
page read and write
165E000
stack
page read and write
1102000
heap
page read and write
4E70000
direct allocation
page read and write
F30000
direct allocation
page read and write
4E80000
direct allocation
page execute and read and write
9F0000
direct allocation
page read and write
1DD3B000
heap
page read and write
61ED0000
direct allocation
page read and write
A80000
unkown
page readonly
10DC000
heap
page read and write
707000
heap
page read and write
700C0000
unkown
page readonly
61ECC000
direct allocation
page read and write
5730000
direct allocation
page execute and read and write
FE4000
heap
page read and write
1DD53000
heap
page read and write
1DD31000
heap
page read and write
31C7000
heap
page read and write
340E000
stack
page read and write
32CE000
stack
page read and write
19F0000
direct allocation
page read and write
23F2E000
stack
page read and write
240C9000
heap
page read and write
163E000
stack
page read and write
FE5000
heap
page read and write
23DF1000
heap
page read and write
9F0000
direct allocation
page read and write
53D0000
direct allocation
page execute and read and write
D8B000
unkown
page execute and write copy
54AD000
stack
page read and write
19F0000
direct allocation
page read and write
4E70000
direct allocation
page execute and read and write
177E000
stack
page read and write
3FBE000
stack
page read and write
388F000
stack
page read and write
4E81000
heap
page read and write
4DCF000
stack
page read and write
F98000
unkown
page execute and read and write
3A4E000
stack
page read and write
5090000
heap
page read and write
1660000
heap
page read and write
F30000
direct allocation
page read and write
C74000
unkown
page execute and read and write
1DD55000
heap
page read and write
350E000
stack
page read and write
1DD53000
heap
page read and write
4D4E000
stack
page read and write
FE4000
heap
page read and write
E0C000
unkown
page execute and read and write
447F000
stack
page read and write
380E000
stack
page read and write
1DD50000
heap
page read and write
2DCE000
stack
page read and write
54A0000
direct allocation
page execute and read and write
1DD43000
heap
page read and write
F30000
direct allocation
page read and write
4A4E000
stack
page read and write
5510000
direct allocation
page execute and read and write
FE4000
heap
page read and write
4DD1000
heap
page read and write
358E000
stack
page read and write
4DD1000
heap
page read and write
47CE000
stack
page read and write
1460000
heap
page read and write
10BF000
heap
page read and write
FE4000
heap
page read and write
D75000
unkown
page execute and read and write
3F0F000
stack
page read and write
37CF000
stack
page read and write
357F000
stack
page read and write
FE4000
heap
page read and write
54D0000
direct allocation
page execute and read and write
AE9000
unkown
page write copy
FE4000
heap
page read and write
4E80000
heap
page read and write
145E000
stack
page read and write
1DD4E000
heap
page read and write
C74000
unkown
page execute and read and write
FE4000
heap
page read and write
5141000
heap
page read and write
5260000
direct allocation
page read and write
4CC0000
direct allocation
page execute and read and write
F30000
direct allocation
page read and write
1DC1E000
stack
page read and write
4D10000
direct allocation
page execute and read and write
1DD70000
heap
page read and write
5490000
direct allocation
page execute and read and write
397E000
stack
page read and write
40FF000
stack
page read and write
1DD40000
heap
page read and write
FE4000
heap
page read and write
EA0000
unkown
page execute and write copy
4E70000
direct allocation
page read and write
1897000
heap
page read and write
383E000
stack
page read and write
2DFF000
stack
page read and write
4940000
trusted library allocation
page read and write
312F000
stack
page read and write
8EE2000
heap
page read and write
307F000
stack
page read and write
1A10000
direct allocation
page read and write
31B0000
direct allocation
page read and write
1DD51000
heap
page read and write
53E0000
direct allocation
page execute and read and write
5C0000
heap
page read and write
FE5000
heap
page read and write
140E000
heap
page read and write
173E000
stack
page read and write
1DD3F000
heap
page read and write
6CC0000
trusted library allocation
page read and write
FE4000
heap
page read and write
FE5000
heap
page read and write
4691000
heap
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
12FD000
stack
page read and write
5320000
direct allocation
page read and write
4AFF000
stack
page read and write
10D2000
heap
page read and write
550E000
stack
page read and write
2E3E000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
FE4000
heap
page read and write
F30000
direct allocation
page read and write
FE0000
heap
page read and write
FE4000
heap
page read and write
1DD53000
heap
page read and write
6250000
heap
page read and write
458E000
stack
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
4E8E000
stack
page read and write
23E27000
heap
page read and write
707000
heap
page read and write
FE4000
heap
page read and write
F30000
direct allocation
page read and write
4D00000
direct allocation
page execute and read and write
5141000
heap
page read and write
111F000
heap
page read and write
61ED4000
direct allocation
page readonly
FE4000
heap
page read and write
4850000
heap
page read and write
FE4000
heap
page read and write
FE5000
heap
page read and write
54A0000
direct allocation
page execute and read and write
31B0000
direct allocation
page read and write
FE4000
heap
page read and write
3030000
heap
page read and write
404F000
stack
page read and write
1DD31000
heap
page read and write
16A9000
heap
page read and write
3C8F000
stack
page read and write
19F0000
direct allocation
page read and write
444E000
stack
page read and write
7014E000
unkown
page read and write
3E7F000
stack
page read and write
19F0000
direct allocation
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
4E70000
direct allocation
page read and write
D8C000
unkown
page execute and write copy
1DD3C000
heap
page read and write
70152000
unkown
page readonly
4841000
heap
page read and write
4D21000
direct allocation
page read and write
8B9000
heap
page read and write
FE4000
heap
page read and write
A00000
heap
page read and write
4E10000
direct allocation
page execute and read and write
1DD3B000
heap
page read and write
1C1E000
stack
page read and write
FE4000
heap
page read and write
49BF000
stack
page read and write
480F000
stack
page read and write
378F000
stack
page read and write
3BBF000
stack
page read and write
FE4000
heap
page read and write
3A0F000
stack
page read and write
1DD55000
heap
page read and write
434E000
stack
page read and write
1400000
heap
page read and write
3C8E000
stack
page read and write
1137000
heap
page read and write
FE4000
heap
page read and write
24030000
trusted library allocation
page read and write
1DD53000
heap
page read and write
10E8000
heap
page read and write
FE4000
heap
page read and write
5710000
direct allocation
page execute and read and write
23DB0000
heap
page read and write
513F000
stack
page read and write
31B0000
direct allocation
page read and write
1890000
heap
page read and write
4E4F000
stack
page read and write
FE4000
heap
page read and write
3D3E000
stack
page read and write
535E000
stack
page read and write
A62000
unkown
page execute and read and write
1DD51000
heap
page read and write
10B4000
unkown
page execute and read and write
1DD61000
heap
page read and write
30BE000
stack
page read and write
53B0000
direct allocation
page execute and read and write
53E0000
direct allocation
page execute and read and write
F2E000
stack
page read and write
FE4000
heap
page read and write
6CDD1000
unkown
page execute read
5140000
heap
page read and write
4840000
heap
page read and write
1DD4B000
heap
page read and write
645F000
stack
page read and write
33CF000
stack
page read and write
1DD49000
heap
page read and write
1DD55000
heap
page read and write
10B2000
heap
page read and write
A07000
heap
page read and write
41CE000
stack
page read and write
1DD70000
heap
page read and write
A4E000
stack
page read and write
19EC000
stack
page read and write
5400000
direct allocation
page execute and read and write
AEB000
unkown
page execute and read and write
364E000
stack
page read and write
700000
heap
page read and write
8EBC000
stack
page read and write
4F80000
heap
page read and write
1102000
heap
page read and write
1DD53000
heap
page read and write
1090000
heap
page read and write
1431000
heap
page read and write
FE4000
heap
page read and write
1DD61000
heap
page read and write
BF7000
unkown
page execute and read and write
FE4000
heap
page read and write
487E000
stack
page read and write
3ECF000
stack
page read and write
4E90000
direct allocation
page execute and read and write
FE4000
heap
page read and write
46FF000
stack
page read and write
23EB0000
trusted library allocation
page read and write
4B81000
direct allocation
page read and write
D75000
unkown
page execute and read and write
9F0000
direct allocation
page read and write
4E50000
direct allocation
page execute and read and write
44BF000
stack
page read and write
1DD55000
heap
page read and write
31CE000
stack
page read and write
111F000
heap
page read and write
23E9B000
heap
page read and write
FE4000
heap
page read and write
1DD53000
heap
page read and write
16F3000
stack
page read and write
29CF000
stack
page read and write
6A9B000
stack
page read and write
1DD70000
heap
page read and write
1106000
heap
page read and write
7013D000
unkown
page readonly
418E000
stack
page read and write
114A000
heap
page read and write
4B5C000
stack
page read and write
61ED3000
direct allocation
page read and write
2C8E000
stack
page read and write
23E30000
heap
page read and write
D7C000
unkown
page execute and read and write
1DD4C000
heap
page read and write
23E8D000
heap
page read and write
169B000
heap
page read and write
4690000
heap
page read and write
3DCE000
stack
page read and write
23E16000
heap
page read and write
48CF000
stack
page read and write
1106000
heap
page read and write
1D68E000
stack
page read and write
318F000
stack
page read and write
FE4000
heap
page read and write
31AE000
stack
page read and write
19F0000
direct allocation
page read and write
1127000
heap
page read and write
19F0000
direct allocation
page read and write
1DD4F000
heap
page read and write
4E70000
direct allocation
page read and write
9F0000
direct allocation
page read and write
4841000
heap
page read and write
F20000
unkown
page execute and write copy
31FE000
stack
page read and write
450F000
stack
page read and write
1DD49000
heap
page read and write
10DD000
heap
page read and write
5420000
direct allocation
page execute and read and write
FE4000
heap
page read and write
1DA3D000
stack
page read and write
FE4000
heap
page read and write
4BCF000
stack
page read and write
19F0000
direct allocation
page read and write
FE4000
heap
page read and write
4C5F000
stack
page read and write
1DD52000
heap
page read and write
3E0F000
stack
page read and write
1DD47000
heap
page read and write
54B0000
direct allocation
page execute and read and write
FE4000
heap
page read and write
2ECF000
stack
page read and write
55FB000
stack
page read and write
FE4000
heap
page read and write
4E10000
direct allocation
page execute and read and write
189B000
heap
page read and write
240C8000
heap
page read and write
5141000
heap
page read and write
5240000
trusted library allocation
page read and write
3BCE000
stack
page read and write
FE4000
heap
page read and write
1DD42000
heap
page read and write
1030000
direct allocation
page read and write
31B0000
direct allocation
page read and write
1D93D000
stack
page read and write
4DD1000
heap
page read and write
F30000
direct allocation
page read and write
23DB0000
trusted library allocation
page read and write
1DE46000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
10CB000
heap
page read and write
4B8E000
stack
page read and write
705000
heap
page read and write
31BF000
stack
page read and write
32CF000
stack
page read and write
3AFE000
stack
page read and write
5D0000
heap
page read and write
464F000
stack
page read and write
1120000
heap
page read and write
5480000
direct allocation
page execute and read and write
31B0000
direct allocation
page read and write
1DD54000
heap
page read and write
FE4000
heap
page read and write
126E000
unkown
page execute and write copy
503E000
stack
page read and write
AE9000
unkown
page write copy
1DA7D000
stack
page read and write
8D4000
heap
page read and write
5410000
direct allocation
page execute and read and write
5141000
heap
page read and write
F30000
direct allocation
page read and write
1D7FE000
stack
page read and write
114A000
heap
page read and write
4C70000
direct allocation
page execute and read and write
D8B000
unkown
page execute and read and write
347E000
stack
page read and write
112C000
heap
page read and write
3E3F000
stack
page read and write
4DD1000
heap
page read and write
FE4000
heap
page read and write
1DD6D000
heap
page read and write
C8C000
unkown
page execute and read and write
FDE000
stack
page read and write
FBC000
stack
page read and write
427E000
stack
page read and write
10AB000
unkown
page execute and read and write
CC9000
unkown
page execute and read and write
4E81000
heap
page read and write
1DD49000
heap
page read and write
4E40000
direct allocation
page execute and read and write
61EB4000
direct allocation
page read and write
374F000
stack
page read and write
13EE000
stack
page read and write
FE4000
heap
page read and write
AEB000
unkown
page execute and read and write
1DD4E000
heap
page read and write
1DD52000
heap
page read and write
4C8F000
stack
page read and write
1040000
direct allocation
page execute and read and write
66F0000
heap
page read and write
430E000
stack
page read and write
1DD3B000
heap
page read and write
1A89000
heap
page read and write
4B0C000
stack
page read and write
FE4000
heap
page read and write
1DD70000
heap
page read and write
5540000
direct allocation
page execute and read and write
32CF000
stack
page read and write
111F000
heap
page read and write
539F000
stack
page read and write
404E000
stack
page read and write
FE4000
heap
page read and write
FE4000
heap
page read and write
19AE000
stack
page read and write
1DD49000
heap
page read and write
10D2000
heap
page read and write
46CF000
stack
page read and write
3F8E000
stack
page read and write
1DD44000
heap
page read and write
137D000
stack
page read and write
3F4E000
stack
page read and write
5141000
heap
page read and write
FE4000
heap
page read and write
373E000
stack
page read and write
FE5000
heap
page read and write
3D7E000
stack
page read and write
19F0000
direct allocation
page read and write
14D0000
heap
page read and write
3BFE000
stack
page read and write
6CFB0000
unkown
page read and write
4E30000
direct allocation
page execute and read and write
FE4000
heap
page read and write
1A10000
direct allocation
page read and write
FE4000
heap
page read and write
6CF6F000
unkown
page readonly
4E70000
direct allocation
page read and write
1DD4F000
heap
page read and write
1106000
heap
page read and write
FE4000
heap
page read and write
19F0000
direct allocation
page read and write
127C000
stack
page read and write
870000
heap
page read and write
14D5000
heap
page read and write
BC0000
unkown
page readonly
1A71000
heap
page read and write
458F000
stack
page read and write
28CF000
stack
page read and write
3CCE000
stack
page read and write
1D78F000
stack
page read and write
1DD26000
heap
page read and write
FE4000
heap
page read and write
330E000
stack
page read and write
FE4000
heap
page read and write
483F000
stack
page read and write
FE4000
heap
page read and write
387E000
stack
page read and write
383F000
stack
page read and write
8FA000
stack
page read and write
1DD49000
heap
page read and write
3F7F000
stack
page read and write
A81000
unkown
page execute and write copy
3C3E000
stack
page read and write
FE4000
heap
page read and write
397F000
stack
page read and write
1106000
heap
page read and write
36CE000
stack
page read and write
4E81000
heap
page read and write
10E8000
heap
page read and write
5094000
heap
page read and write
AE2000
unkown
page execute and read and write
FE5000
heap
page read and write
5720000
direct allocation
page execute and read and write
54C0000
direct allocation
page execute and read and write
A0D000
heap
page read and write
FE4000
heap
page read and write
6255000
heap
page read and write
423F000
stack
page read and write
354E000
stack
page read and write
13F0000
heap
page read and write
3F4F000
stack
page read and write
8CD000
heap
page read and write
19F0000
direct allocation
page read and write
444F000
stack
page read and write
F1E000
unkown
page execute and read and write
F9E000
stack
page read and write
6CFAE000
unkown
page read and write
408F000
stack
page read and write
A80000
unkown
page read and write
FE4000
heap
page read and write
52C1000
direct allocation
page read and write
1DD4B000
heap
page read and write
1DD53000
heap
page read and write
4D0F000
stack
page read and write
FE4000
heap
page read and write
468E000
stack
page read and write
6CFAF000
unkown
page write copy
55B000
stack
page read and write
1A6F000
heap
page read and write
4E4B000
stack
page read and write
840000
heap
page read and write
31B0000
direct allocation
page read and write
185E000
stack
page read and write
F30000
direct allocation
page read and write
53C0000
direct allocation