IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsFIJKEHJJDA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AFHDHCAA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\CFHDHIJDGCBAKFIEGHCB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\FCBAEHCAEGDHJKFHJKFI
ASCII text, with very long lines (1765), with CRLF line terminators
dropped
C:\ProgramData\FHIIEHJKKECGCBFIIJDAKFHJKJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\HDGIEBGHDAEBGDGCFIID
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\HIJJDGDH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\KFCGDBAKKKFBGDHJKFHJJJJDGC
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\101e37fb-2839-483c-931c-106338c92b87.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2f9fdd8b-2f8e-46d7-866e-64c5f0f0788b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3ad0e123-f412-4d77-b04d-1b070b689648.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\660574d6-4ebb-4c0e-a8a4-5d91b3cb3bdf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e783f77-7e73-40a0-ab33-cae4b3307985.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673F82D8-1F30.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673F82D9-1DB4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1e871fa9-973d-4741-98e3-2f4cfbd12065.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2147e313-f5f1-49f7-ac09-ec6691a40783.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\65b835a9-e2b3-42b1-90e3-9cd7cee46977.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7859dcae-8a27-45d0-9ba1-df7243697005.tmp
Unicode text, UTF-8 text, with very long lines (17458), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\82201988-ccc6-4390-a65c-d07b10322ab1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8a7b02ea-9887-48b1-9a4f-05d499e7864c.tmp
Unicode text, UTF-8 text, with very long lines (17457), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8bd51881-a9ba-4897-b798-6a4f02d92557.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7204e4aa-07f9-4deb-bbf4-7e20bb316545.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF3b547.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2a927.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2be83.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a26d4013-c7d2-4ddc-a87c-300cd8af0052.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a718b6c2-2ec7-45fa-a1fe-9732c901d6a5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b03e3b94-a4d9-409f-8aab-8265a4142983.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b3f1c9f0-0793-47f1-ab74-59fb678e049c.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b7993f14-73cf-4946-b7e7-b7626d562fe5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2efc5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF32f1f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3a45f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2e584.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF324ee.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376689116597138
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2b9d7e71-f750-443f-b1d6-a496321a4ba2.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2ed0e50b-3166-4d83-af3b-dd1f525d9768.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4d1444d1-c6cf-4ba2-8a05-0f1280bab65d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2be93.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a0f7d575-6198-4be7-936f-9182a769e5cf.tmp
Unicode text, UTF-8 text, with very long lines (17293), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e395bb91-e3cd-449c-a23e-d0e1471d50f9.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF29197.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF291b7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2936c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2ba3e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2f802.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a430.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF400f6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c407173f-928a-46c9-8c0b-2cb14b67a550.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d95f59a0-268c-4b1f-88e9-6c7e4516ff6b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e78479a2-e45b-43f3-b55f-9e4416ba0827.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\0ed74196-5e5f-4e82-990e-02802c4f079b.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\2a6b4d7e-67ce-470b-926d-4271256d6280.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\35abecd3-59c8-4aea-8cc5-39e958ca198d.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\66094139-062f-4357-9946-00e432bc30ef.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\c799700a-e8d3-4c85-8c64-c3f55140b87a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\eb1f6708-a912-444b-b1b1-a972b2506ccc.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\f2ee7d45-2268-4508-8f2f-e4e8d6164cd4.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\66094139-062f-4357-9946-00e432bc30ef.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_812405277\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_994922954\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_994922954\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_994922954\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_994922954\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7604_994922954\c799700a-e8d3-4c85-8c64-c3f55140b87a.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 17:58:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 17:58:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 17:58:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 17:58:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 17:58:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 470
ASCII text, with very long lines (781)
downloaded
Chrome Cache Entry: 471
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 472
ASCII text
downloaded
Chrome Cache Entry: 473
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 474
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 475
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 --field-trial-handle=2152,i,10364576759027782429,328392540784859071,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2232,i,12845795122803726069,17176105221645412444,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2200,i,14336553411767797266,12049629393296315810,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6900 --field-trial-handle=2200,i,14336553411767797266,12049629393296315810,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6916 --field-trial-handle=2200,i,14336553411767797266,12049629393296315810,262144 /prefetch:8
malicious
C:\Users\user\DocumentsFIJKEHJJDA.exe
"C:\Users\user\DocumentsFIJKEHJJDA.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=3092 --field-trial-handle=2200,i,14336553411767797266,12049629393296315810,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFIJKEHJJDA.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs


Domains


IPs


Registry


Memdumps

Base Address
Regiontype
Protect
Malicious
1134000
heap
page read and write
61ED4000
direct allocation
page readonly
921000
unkown
page execute and read and write
4A5F000
stack
page read and write
4E20000
heap
page read and write
2DD0000
direct allocation
page read and write
23AB8000
heap
page read and write
DE9000
unkown
page write copy
4B11000
heap
page read and write
409E000
stack
page read and write
1D72D000
heap
page read and write
1190000
heap
page read and write
7D4000
heap
page read and write
1D735000
heap
page read and write
4CDF000
stack
page read and write
7D5000
heap
page read and write
4A9E000
stack
page read and write
1D735000
heap
page read and write
1D72A000
heap
page read and write
315F000
stack
page read and write
5311000
direct allocation
page read and write
5440000
direct allocation
page execute and read and write
319E000
stack
page read and write
7D4000
heap
page read and write
6CCDE000
unkown
page read and write
7D4000
heap
page read and write
812000
unkown
page execute and read and write
960000
heap
page read and write
932000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
5140000
direct allocation
page execute and read and write
2F1E000
stack
page read and write
2A5EB000
stack
page read and write
5110000
direct allocation
page execute and read and write
71B0000
heap
page read and write
1D700000
heap
page read and write
5430000
direct allocation
page execute and read and write
7D4000
heap
page read and write
1D745000
heap
page read and write
4C90000
direct allocation
page execute and read and write
30BF000
stack
page read and write
238D0000
heap
page read and write
1134000
heap
page read and write
7D4000
heap
page read and write
1510000
direct allocation
page read and write
71B8000
heap
page read and write
374E000
stack
page read and write
9A2000
unkown
page execute and read and write
153A000
heap
page read and write
4C90000
direct allocation
page execute and read and write
11D4000
heap
page read and write
34C000
unkown
page execute and read and write
5100000
direct allocation
page execute and read and write
1D735000
heap
page read and write
46A1000
heap
page read and write
7D4000
heap
page read and write
2F17000
heap
page read and write
46DE000
stack
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
1134000
heap
page read and write
870000
direct allocation
page read and write
46A1000
heap
page read and write
50BF000
stack
page read and write
61ED0000
direct allocation
page read and write
431E000
stack
page read and write
7D5000
heap
page read and write
7D4000
heap
page read and write
CFC000
stack
page read and write
34BE000
stack
page read and write
281000
unkown
page execute and write copy
2BD0000
direct allocation
page read and write
3C9F000
stack
page read and write
1D750000
heap
page read and write
870000
direct allocation
page read and write
7D4000
heap
page read and write
DEB000
unkown
page execute and read and write
43CE000
stack
page read and write
1510000
direct allocation
page read and write
7D4000
heap
page read and write
7B1000
unkown
page execute and write copy
4C90000
direct allocation
page execute and read and write
B5E000
stack
page read and write
11D4000
heap
page read and write
2A1E000
stack
page read and write
5430000
direct allocation
page execute and read and write
7D4000
heap
page read and write
1D742000
heap
page read and write
2BD0000
direct allocation
page read and write
870000
direct allocation
page read and write
52B0000
direct allocation
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
8BF0000
heap
page read and write
93D000
heap
page read and write
4D10000
direct allocation
page execute and read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
35CF000
stack
page read and write
424F000
stack
page read and write
6CA61000
unkown
page execute read
76E000
unkown
page execute and read and write
4B11000
heap
page read and write
911000
heap
page read and write
8DE000
heap
page read and write
7D4000
heap
page read and write
A7F000
unkown
page execute and read and write
1D729000
heap
page read and write
1D70F000
heap
page read and write
413E000
stack
page read and write
7D4000
heap
page read and write
23AB2000
heap
page read and write
4D00000
direct allocation
page execute and read and write
2BD0000
direct allocation
page read and write
3C4E000
stack
page read and write
1510000
direct allocation
page read and write
819000
unkown
page write copy
1D711000
heap
page read and write
4B11000
heap
page read and write
909000
heap
page read and write
2DD0000
direct allocation
page read and write
90C000
heap
page read and write
1134000
heap
page read and write
13C4000
heap
page read and write
33DF000
stack
page read and write
11D4000
heap
page read and write
7D4000
heap
page read and write
2F0F000
stack
page read and write
423E000
stack
page read and write
437F000
stack
page read and write
4B17000
heap
page read and write
D80000
unkown
page read and write
7D4000
heap
page read and write
35FE000
stack
page read and write
7D4000
heap
page read and write
5480000
direct allocation
page execute and read and write
410F000
stack
page read and write
2BD0000
direct allocation
page read and write
6CA60000
unkown
page readonly
4CC0000
direct allocation
page execute and read and write
1D735000
heap
page read and write
474F000
stack
page read and write
2E3F000
stack
page read and write
4BDE000
stack
page read and write
1040000
heap
page read and write
1D750000
heap
page read and write
1D72D000
heap
page read and write
1134000
heap
page read and write
1D72B000
heap
page read and write
77D000
unkown
page execute and read and write
870000
direct allocation
page read and write
961000
heap
page read and write
81B000
unkown
page execute and read and write
7D4000
heap
page read and write
1134000
heap
page read and write
956000
heap
page read and write
1134000
heap
page read and write
11D4000
heap
page read and write
4AE0000
trusted library allocation
page read and write
1060000
heap
page read and write
7D5000
heap
page read and write
4D20000
direct allocation
page execute and read and write
3E7000
unkown
page execute and read and write
1134000
heap
page read and write
1134000
heap
page read and write
1D743000
heap
page read and write
488F000
stack
page read and write
7D4000
heap
page read and write
5410000
direct allocation
page execute and read and write
3FBF000
stack
page read and write
7D4000
heap
page read and write
648E000
heap
page read and write
387E000
stack
page read and write
13C0000
heap
page read and write
7D4000
heap
page read and write
94E000
heap
page read and write
40FF000
stack
page read and write
2BD0000
direct allocation
page read and write
870000
direct allocation
page read and write
6015000
heap
page read and write
153E000
heap
page read and write
870000
direct allocation
page read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
D81000
unkown
page execute and write copy
6CAF2000
unkown
page readonly
4B11000
heap
page read and write
3A5E000
stack
page read and write
4B11000
heap
page read and write
43BE000
stack
page read and write
7D4000
heap
page read and write
3F5E000
stack
page read and write
5100000
direct allocation
page execute and read and write
5420000
direct allocation
page execute and read and write
487F000
stack
page read and write
7B0000
unkown
page readonly
473F000
stack
page read and write
1D742000
heap
page read and write
1D72A000
heap
page read and write
477E000
stack
page read and write
7D4000
heap
page read and write
8F0000
heap
page read and write
4F80000
direct allocation
page read and write
2DD0000
direct allocation
page read and write
1134000
heap
page read and write
961000
heap
page read and write
383F000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
94F000
heap
page read and write
4F50000
trusted library allocation
page read and write
338E000
stack
page read and write
2DF0000
direct allocation
page read and write
94E000
heap
page read and write
F72000
unkown
page execute and read and write
4FBE000
stack
page read and write
54C0000
direct allocation
page execute and read and write
4E1F000
stack
page read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
1D5FE000
stack
page read and write
7B0000
unkown
page read and write
1092000
unkown
page execute and write copy
1134000
heap
page read and write
3D3F000
stack
page read and write
1510000
direct allocation
page read and write
1D730000
heap
page read and write
7D4000
heap
page read and write
5490000
direct allocation
page execute and read and write
7D5000
heap
page read and write
54A0000
direct allocation
page execute and read and write
3CB000
stack
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
819000
unkown
page write copy
DF8000
stack
page read and write
1D04F000
stack
page read and write
7D4000
heap
page read and write
118E000
stack
page read and write
33DF000
stack
page read and write
61ED3000
direct allocation
page read and write
3F1F000
stack
page read and write
7D4000
heap
page read and write
1510000
direct allocation
page read and write
239D0000
trusted library allocation
page read and write
481E000
stack
page read and write
92E000
heap
page read and write
1510000
direct allocation
page read and write
1134000
heap
page read and write
97C000
heap
page read and write
1D750000
heap
page read and write
4C90000
direct allocation
page execute and read and write
4D30000
direct allocation
page execute and read and write
1D711000
heap
page read and write
238F0000
heap
page read and write
6CB00000
unkown
page readonly
5100000
direct allocation
page execute and read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
1280000
heap
page read and write
95E000
heap
page read and write
1092000
unkown
page execute and read and write
1134000
heap
page read and write
1D72B000
heap
page read and write
94E000
heap
page read and write
45FF000
stack
page read and write
11D4000
heap
page read and write
5260000
trusted library allocation
page read and write
146E000
stack
page read and write
44FE000
stack
page read and write
4CD0000
direct allocation
page execute and read and write
3A5E000
stack
page read and write
301F000
stack
page read and write
4B11000
heap
page read and write
2C9E000
stack
page read and write
13C4000
heap
page read and write
280000
unkown
page readonly
1D718000
heap
page read and write
2BD0000
direct allocation
page read and write
1D735000
heap
page read and write
2DD0000
direct allocation
page read and write
870000
direct allocation
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
92E000
heap
page read and write
3D8E000
stack
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
1D71B000
heap
page read and write
94E000
heap
page read and write
8BF1000
heap
page read and write
23973000
heap
page read and write
3B5F000
stack
page read and write
4B11000
heap
page read and write
105B000
heap
page read and write
AC2000
unkown
page execute and read and write
2DD0000
direct allocation
page read and write
351F000
stack
page read and write
4FC6000
direct allocation
page read and write
52EE000
stack
page read and write
365F000
stack
page read and write
2FBE000
stack
page read and write
65FB000
stack
page read and write
1520000
heap
page read and write
4B01000
heap
page read and write
49FE000
stack
page read and write
1134000
heap
page read and write
7B0000
unkown
page readonly
11D4000
heap
page read and write
4B01000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
1390000
heap
page read and write
7D4000
heap
page read and write
46A1000
heap
page read and write
AC2000
unkown
page execute and write copy
D77000
heap
page read and write
5F5E000
stack
page read and write
7D4000
heap
page read and write
48BE000
stack
page read and write
1D741000
heap
page read and write
1D820000
trusted library allocation
page read and write
369E000
stack
page read and write
13C4000
heap
page read and write
7B0000
unkown
page read and write
2DCE000
stack
page read and write
7D5000
heap
page read and write
DFD000
stack
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
1D71B000
heap
page read and write
1D741000
heap
page read and write
1510000
direct allocation
page read and write
11D4000
heap
page read and write
7D4000
heap
page read and write
1D741000
heap
page read and write
1D750000
heap
page read and write
7D4000
heap
page read and write
3AFE000
stack
page read and write
7D4000
heap
page read and write
5430000
direct allocation
page execute and read and write
932000
heap
page read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
1160000
heap
page read and write
1D31D000
stack
page read and write
133D000
stack
page read and write
1134000
heap
page read and write
53EF000
stack
page read and write
4FE1000
direct allocation
page read and write
97C000
heap
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
23AAA000
heap
page read and write
469F000
stack
page read and write
4B11000
heap
page read and write
13C4000
heap
page read and write
419F000
stack
page read and write
8C0000
heap
page read and write
11ED000
heap
page read and write
7D4000
heap
page read and write
14EE000
stack
page read and write
2BC0000
heap
page read and write
172F000
stack
page read and write
1130000
heap
page read and write
431E000
stack
page read and write
932000
heap
page read and write
66FC000
stack
page read and write
5150000
direct allocation
page execute and read and write
1D735000
heap
page read and write
8E0000
heap
page read and write
2BD0000
direct allocation
page read and write
11AA000
heap
page read and write
11D4000
heap
page read and write
4B8000
unkown
page execute and read and write
6580000
heap
page read and write
23AB4000
heap
page read and write
1134000
heap
page read and write
77D000
unkown
page execute and write copy
3F5E000
stack
page read and write
459E000
stack
page read and write
329F000
stack
page read and write
2A630000
heap
page read and write
2B5E000
stack
page read and write
1D750000
heap
page read and write
1134000
heap
page read and write
37DE000
stack
page read and write
1D18F000
stack
page read and write
1D735000
heap
page read and write
1D72F000
heap
page read and write
4E44000
heap
page read and write
3B0E000
stack
page read and write
5100000
direct allocation
page execute and read and write
1D750000
heap
page read and write
3E1E000
stack
page read and write
23836000
heap
page read and write
3A1F000
stack
page read and write
3D7E000
stack
page read and write
D7E000
heap
page read and write
123C000
stack
page read and write
445E000
stack
page read and write
1D742000
heap
page read and write
4D1E000
stack
page read and write
1D72F000
heap
page read and write
4C5F000
stack
page read and write
2F7F000
stack
page read and write
1D746000
heap
page read and write
438F000
stack
page read and write
1134000
heap
page read and write
23953000
heap
page read and write
4B11000
heap
page read and write
398F000
stack
page read and write
5160000
direct allocation
page execute and read and write
977000
heap
page read and write
13C4000
heap
page read and write
2B1F000
stack
page read and write
7D4000
heap
page read and write
37DE000
stack
page read and write
238D0000
trusted library allocation
page read and write
3B9E000
stack
page read and write
459E000
stack
page read and write
1510000
direct allocation
page read and write
11D4000
heap
page read and write
4B11000
heap
page read and write
11D4000
heap
page read and write
239C8000
heap
page read and write
13C4000
heap
page read and write
4F40000
trusted library allocation
page read and write
AAB000
unkown
page execute and read and write
1D750000
heap
page read and write
2DF0000
direct allocation
page read and write
4B11000
heap
page read and write
812000
unkown
page execute and read and write
85E000
stack
page read and write
1D74D000
heap
page read and write
238D0000
trusted library allocation
page read and write
1D735000
heap
page read and write
3CDE000
stack
page read and write
4B11000
heap
page read and write
120A000
heap
page read and write
2E0B000
heap
page read and write
5100000
direct allocation
page execute and read and write
95E000
heap
page read and write
7D4000
heap
page read and write
365F000
stack
page read and write
280000
unkown
page read and write
2BAE000
stack
page read and write
3D4F000
stack
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
360E000
stack
page read and write
1D742000
heap
page read and write
8EE000
heap
page read and write
4B11000
heap
page read and write
1134000
heap
page read and write
CFC000
stack
page read and write
1083000
unkown
page execute and read and write
3B5F000
stack
page read and write
7D4000
heap
page read and write
2BD0000
direct allocation
page read and write
7D4000
heap
page read and write
AC3000
unkown
page execute and write copy
4B11000
heap
page read and write
AC3000
unkown
page execute and write copy
4B11000
heap
page read and write
7D4000
heap
page read and write
320F000
stack
page read and write
11D4000
heap
page read and write
469F000
stack
page read and write
4C90000
direct allocation
page execute and read and write
5130000
direct allocation
page execute and read and write
8C01000
heap
page read and write
4B11000
heap
page read and write
4CA000
unkown
page write copy
93D000
heap
page read and write
4B11000
heap
page read and write
104F000
unkown
page execute and read and write
1134000
heap
page read and write
3F1F000
stack
page read and write
409E000
stack
page read and write
4CF0000
direct allocation
page execute and read and write
46A2000
heap
page read and write
1D82D000
heap
page read and write
333F000
stack
page read and write
92E000
heap
page read and write
4B11000
heap
page read and write
2398D000
heap
page read and write
460F000
stack
page read and write
1134000
heap
page read and write
7D4000
heap
page read and write
370F000
stack
page read and write
7D4000
heap
page read and write
1D742000
heap
page read and write
97B000
heap
page read and write
1D732000
heap
page read and write
870000
direct allocation
page read and write
1D727000
heap
page read and write
32DE000
stack
page read and write
1134000
heap
page read and write
2BD0000
direct allocation
page read and write
5110000
direct allocation
page execute and read and write
1D735000
heap
page read and write
319E000
stack
page read and write
38DF000
stack
page read and write
324E000
stack
page read and write
1CF4E000
stack
page read and write
7D4000
heap
page read and write
DFE000
stack
page read and write
7D4000
heap
page read and write
1D74D000
heap
page read and write
7D4000
heap
page read and write
97C000
heap
page read and write
7D4000
heap
page read and write
730000
heap
page read and write
2D8E000
stack
page read and write
4B81000
direct allocation
page read and write
4B11000
heap
page read and write
384F000
stack
page read and write
4B11000
heap
page read and write
AB3000
unkown
page execute and read and write
397F000
stack
page read and write
1D735000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
2DDE000
stack
page read and write
310F000
stack
page read and write
13B0000
heap
page read and write
405F000
stack
page read and write
77E000
unkown
page execute and write copy
1D727000
heap
page read and write
495E000
stack
page read and write
2BD0000
direct allocation
page read and write
1D719000
heap
page read and write
3E1E000
stack
page read and write
7D4000
heap
page read and write
463E000
stack
page read and write
7D4000
heap
page read and write
1D731000
heap
page read and write
1070000
heap
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
5F9E000
stack
page read and write
4B0F000
stack
page read and write
2DD0000
direct allocation
page read and write
73B000
unkown
page execute and read and write
977000
heap
page read and write
4C60000
direct allocation
page execute and read and write
1134000
heap
page read and write
5100000
direct allocation
page execute and read and write
1D750000
heap
page read and write
1D74A000
heap
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
1D6FE000
stack
page read and write
4B9F000
stack
page read and write
13AF000
stack
page read and write
5170000
direct allocation
page execute and read and write
7D4000
heap
page read and write
176E000
stack
page read and write
870000
direct allocation
page read and write
631F000
stack
page read and write
388E000
stack
page read and write
A7F000
unkown
page execute and read and write
239D0000
trusted library allocation
page read and write
428E000
stack
page read and write
13C4000
heap
page read and write
4F80000
direct allocation
page read and write
4B11000
heap
page read and write
50E0000
heap
page read and write
6016000
heap
page read and write
4CA0000
direct allocation
page execute and read and write
9A2000
unkown
page execute and read and write
2DF0000
direct allocation
page read and write
5130000
direct allocation
page execute and read and write
1134000
heap
page read and write
50E0000
direct allocation
page execute and read and write
7D4000
heap
page read and write
42DF000
stack
page read and write
2BD0000
direct allocation
page read and write
1134000
heap
page read and write
4B5E000
stack
page read and write
2D4B000
stack
page read and write
7D4000
heap
page read and write
4E21000
heap
page read and write
11D4000
heap
page read and write
4CA000
unkown
page read and write
369E000
stack
page read and write
1D1DE000
stack
page read and write
1134000
heap
page read and write
955000
heap
page read and write
1D08E000
stack
page read and write
1510000
direct allocation
page read and write
112D000
stack
page read and write
4B11000
heap
page read and write
92E000
heap
page read and write
7D4000
heap
page read and write
1D71B000
heap
page read and write
6CCE5000
unkown
page readonly
54B0000
direct allocation
page execute and read and write
1D750000
heap
page read and write
41DE000
stack
page read and write
4AFF000
stack
page read and write
92E000
heap
page read and write
46A0000
heap
page read and write
914000
heap
page read and write
23969000
heap
page read and write
4E40000
heap
page read and write
870000
direct allocation
page read and write
D5F000
stack
page read and write
1093000
unkown
page execute and write copy
4B11000
heap
page read and write
13C4000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
478E000
stack
page read and write
1510000
direct allocation
page read and write
7D4000
heap
page read and write
1CE0E000
stack
page read and write
7D4000
heap
page read and write
1D735000
heap
page read and write
4B20000
heap
page read and write
7D4000
heap
page read and write
48CE000
stack
page read and write
1134000
heap
page read and write
673E000
stack
page read and write
5400000
direct allocation
page execute and read and write
8EF000
heap
page read and write
39CE000
stack
page read and write
870000
direct allocation
page read and write
97C000
heap
page read and write
13C4000
heap
page read and write
95E000
heap
page read and write
1D72B000
heap
page read and write
23A10000
trusted library allocation
page read and write
337E000
stack
page read and write
315F000
stack
page read and write
4B11000
heap
page read and write
1D745000
heap
page read and write
7B1000
unkown
page execute and write copy
1D735000
heap
page read and write
5190000
direct allocation
page execute and read and write
4B00000
heap
page read and write
3FCF000
stack
page read and write
6490000
heap
page read and write
38DF000
stack
page read and write
740000
heap
page read and write
4B11000
heap
page read and write
1231000
unkown
page execute and read and write
2C5F000
stack
page read and write
419F000
stack
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
6CCDF000
unkown
page write copy
1134000
heap
page read and write
50F0000
direct allocation
page execute and read and write
1134000
heap
page read and write
305E000
stack
page read and write
107B000
unkown
page execute and read and write
4A0E000
stack
page read and write
1134000
heap
page read and write
7D4000
heap
page read and write
61EB4000
direct allocation
page read and write
2E00000
heap
page read and write
7D4000
heap
page read and write
341E000
stack
page read and write
1134000
heap
page read and write
4B11000
heap
page read and write
1D743000
heap
page read and write
1D45D000
stack
page read and write
7D4000
heap
page read and write
334F000
stack
page read and write
4C80000
direct allocation
page execute and read and write
5FDE000
stack
page read and write
1D41D000
stack
page read and write
4B30000
heap
page read and write
11D4000
heap
page read and write
C61000
unkown
page execute and read and write
5430000
direct allocation
page execute and read and write
441F000
stack
page read and write
391E000
stack
page read and write
7D4000
heap
page read and write
30FE000
stack
page read and write
7D4000
heap
page read and write
1D750000
heap
page read and write
1D2DF000
stack
page read and write
1D733000
heap
page read and write
1134000
heap
page read and write
69B0000
trusted library allocation
page read and write
61ECC000
direct allocation
page read and write
81B000
unkown
page execute and read and write
6FA000
stack
page read and write
3DDF000
stack
page read and write
94E000
heap
page read and write
1510000
direct allocation
page read and write
1D72E000
heap
page read and write
D70000
heap
page read and write
AB3000
unkown
page execute and read and write
341E000
stack
page read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
1134000
heap
page read and write
5430000
direct allocation
page execute and read and write
6481000
heap
page read and write
4B01000
heap
page read and write
93D000
heap
page read and write
870000
direct allocation
page read and write
3DDF000
stack
page read and write
323E000
stack
page read and write
1D71D000
heap
page read and write
31FF000
stack
page read and write
11F2000
heap
page read and write
5100000
direct allocation
page execute and read and write
36FF000
stack
page read and write
6480000
heap
page read and write
427E000
stack
page read and write
239A0000
heap
page read and write
5120000
direct allocation
page execute and read and write
1D735000
heap
page read and write
7D4000
heap
page read and write
1D706000
heap
page read and write
7D5000
heap
page read and write
4B11000
heap
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
41DE000
stack
page read and write
C5E000
stack
page read and write
819000
unkown
page write copy
4B11000
heap
page read and write
305E000
stack
page read and write
6490000
heap
page read and write
44CF000
stack
page read and write
870000
direct allocation
page read and write
10DE000
stack
page read and write
7D4000
heap
page read and write
1D750000
heap
page read and write
49BF000
stack
page read and write
1D742000
heap
page read and write
405F000
stack
page read and write
DE9000
unkown
page write copy
1134000
heap
page read and write
2DD0000
direct allocation
page read and write
7D4000
heap
page read and write
7D4000
heap
page read and write
692B000
stack
page read and write
355E000
stack
page read and write
D60000
direct allocation
page read and write
7D4000
heap
page read and write
42DF000
stack
page read and write
7D4000
heap
page read and write
3A1F000
stack
page read and write
2A73C000
stack
page read and write
32DE000
stack
page read and write
4C70000
direct allocation
page execute and read and write
4B11000
heap
page read and write
2E0E000
heap
page read and write
7D4000
heap
page read and write
4B11000
heap
page read and write
11D0000
heap
page read and write
1D735000
heap
page read and write
347F000
stack