IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsJDAFIEHIEG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BAEHIEBGHDAFIEBGIEHJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\CAAEBKEG
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DBFBFBGDBKJJKFIEHJDBAFIECG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GCGCBAEC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\IDHJEBGIEBFIJKEBFBFH
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\JDHCBAEHJJJKKFIDGHJE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\KEGIDHJKKJDGCBGCGIJKKECAAE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\07488784-b7fb-4104-8a3a-344a16366af5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1be492b5-d28b-4fe1-9140-6985443b2163.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3ac5a80e-e7d4-420d-855f-9b2b781e5825.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\55ba6956-25d2-4779-a6be-077f57373537.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\98adef91-d97c-4f67-8373-1876dcb5b805.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\f9b9f7dc-fc2e-4d43-8a6d-9759e585f757.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-673FBE2B-1E1C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1e1d8c99-4693-42c5-8ffa-6371374a8214.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\56f85567-a4f5-4841-b80c-8c553d1a91c3.tmp
Unicode text, UTF-8 text, with very long lines (17601), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5f987a8f-1383-4187-b311-e4f44522e6b4.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7083be55-1ca7-421a-a05a-900442168aeb.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8266a9f4-5278-4275-a9d8-b1bb40fe3e17.tmp
Unicode text, UTF-8 text, with very long lines (17436), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8cb0b911-6fa9-412d-97d4-578cb22b36f1.tmp
Unicode text, UTF-8 text, with very long lines (17601), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1d1ba661-35e3-4fb6-b197-91e7a2b5c572.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\5f2a9821-0862-47ae-8336-bc75537bca9b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7b9b32f4-4ed3-43de-94d8-359b6d2e465f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c0e0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3d5fe.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a9349895-3bf6-4f67-a941-b2b7a5d948ee.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dbbd97c7-1c18-4a40-8256-21f5c4d5fed1.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF40607.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF445c0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4baff.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3f7de.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43f28.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376704301927163
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\10edaaa5-2665-476c-9c7f-8b6fd3c7c6fd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2df4dfdf-ea8f-4be1-bc30-f4785db61041.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3d60e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d9c7878f-8da6-4a74-80d6-2b7121bbcfe3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a06d0f63-9fb6-4d7e-b582-b46920b9b924.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bac1f521-58d0-400c-b334-a6c223905a5e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d6477043-ce8a-4082-bb85-c36ddf8dc7dd.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a857.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3aa2b.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3d0fd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF41171.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4bae0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF516ea.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ba44c1f2-9be9-416a-aeb5-4b66475d4ca1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ca5ea011-d79d-4bf5-a55d-9103c4a1e975.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e71353af-8486-474e-bc33-dfa356a6ca40.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1189237d-c1fa-446b-949a-4ab4df67d943.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\33a381dc-0137-4253-b1ef-367c8646818c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\3a467e09-7be5-49fe-8a22-6e099a34697d.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
dropped
C:\Users\user\AppData\Local\Temp\cfd4084c-a183-4215-9222-ccebf50c956b.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cff88a93-c52a-408e-9e24-85d849c8477d.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\db76b82e-d3b8-4828-9edb-f6d6f7519ac0.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\f1903620-1058-4d04-b92c-3aa13a55142a.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\33a381dc-0137-4253-b1ef-367c8646818c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_128371501\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_215138373\1189237d-c1fa-446b-949a-4ab4df67d943.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_215138373\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_215138373\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_215138373\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7708_215138373\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 22:11:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 22:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 22:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 22:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 22:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 470
ASCII text, with very long lines (3907)
downloaded
Chrome Cache Entry: 471
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 472
ASCII text
downloaded
Chrome Cache Entry: 473
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 474
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 475
SVG Scalable Vector Graphics image
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=2180,i,2346990794852362482,14346715251733473473,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2152,i,10331360522470495270,3768999544705103513,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2348,i,8810042862309211089,17614865435975973735,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6572 --field-trial-handle=2348,i,8810042862309211089,17614865435975973735,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6796 --field-trial-handle=2348,i,8810042862309211089,17614865435975973735,262144 /prefetch:8
malicious
C:\Users\user\DocumentsJDAFIEHIEG.exe
"C:\Users\user\DocumentsJDAFIEHIEG.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7400 --field-trial-handle=2348,i,8810042862309211089,17614865435975973735,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFIEHIEG.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Region type
Protect
Malicious
13A4000
heap
page read and write
4B9F000
stack
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
4F71000
heap
page read and write
7C0000
heap
page read and write
4A9E000
stack
page read and write
1D4DF000
stack
page read and write
4F71000
heap
page read and write
4F5F000
stack
page read and write
924E000
heap
page read and write
3DBF000
stack
page read and write
5310000
direct allocation
page execute and read and write
151F000
heap
page read and write
2ABA1000
heap
page read and write
4521000
heap
page read and write
538E000
stack
page read and write
1DBE0000
heap
page read and write
13A4000
heap
page read and write
1DBC5000
heap
page read and write
377F000
stack
page read and write
4B50000
direct allocation
page execute and read and write
4FD4000
heap
page read and write
4D1E000
stack
page read and write
6C592000
unkown
page readonly
6D0000
heap
page read and write
11F6000
unkown
page execute and read and write
4F71000
heap
page read and write
77E000
stack
page read and write
4521000
heap
page read and write
33DE000
stack
page read and write
4A60000
direct allocation
page execute and read and write
2A9F000
stack
page read and write
15C3000
heap
page read and write
4F71000
heap
page read and write
5560000
direct allocation
page execute and read and write
1574000
heap
page read and write
61E01000
direct allocation
page execute read
15C2000
heap
page read and write
CAA000
unkown
page read and write
13A4000
heap
page read and write
7EF000
heap
page read and write
4ADF000
stack
page read and write
4B70000
direct allocation
page execute and read and write
13A4000
heap
page read and write
459D000
stack
page read and write
4F71000
heap
page read and write
4F71000
heap
page read and write
23DC1000
heap
page read and write
456000
unkown
page execute and write copy
13A4000
heap
page read and write
9231000
heap
page read and write
13A4000
heap
page read and write
23EA0000
trusted library allocation
page read and write
1DBC5000
heap
page read and write
13A4000
heap
page read and write
624000
heap
page read and write
4521000
heap
page read and write
2EEE000
stack
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
F52000
unkown
page execute and read and write
4F71000
heap
page read and write
8F9C000
stack
page read and write
325F000
stack
page read and write
1574000
heap
page read and write
7A80000
heap
page read and write
4F71000
heap
page read and write
1D51E000
stack
page read and write
4B20000
direct allocation
page execute and read and write
61ED4000
direct allocation
page readonly
F49000
unkown
page execute and write copy
313F000
stack
page read and write
3CDE000
stack
page read and write
EF0000
unkown
page read and write
922C000
stack
page read and write
41DE000
stack
page read and write
61ECD000
direct allocation
page readonly
4AE0000
direct allocation
page execute and read and write
14C0000
direct allocation
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
1569000
heap
page read and write
150000
unkown
page read and write
23F3D000
heap
page read and write
6C780000
unkown
page read and write
13A4000
heap
page read and write
369E000
stack
page read and write
5EA000
unkown
page execute and write copy
912B000
stack
page read and write
3250000
heap
page read and write
4521000
heap
page read and write
6E0000
heap
page read and write
13A4000
heap
page read and write
4A60000
direct allocation
page execute and read and write
7C0000
direct allocation
page read and write
4521000
heap
page read and write
4F71000
heap
page read and write
61ED0000
direct allocation
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
1DBAB000
heap
page read and write
495E000
stack
page read and write
1DBDD000
heap
page read and write
7E0000
heap
page read and write
1DBE0000
heap
page read and write
4B30000
direct allocation
page execute and read and write
5446000
direct allocation
page read and write
4BC0000
direct allocation
page execute and read and write
23D60000
heap
page read and write
6E4000
heap
page read and write
4521000
heap
page read and write
620000
heap
page read and write
4521000
heap
page read and write
1D8ED000
stack
page read and write
1230000
heap
page read and write
1DBC5000
heap
page read and write
23DFB000
heap
page read and write
4F71000
heap
page read and write
4B40000
direct allocation
page execute and read and write
CAA000
unkown
page write copy
1DBC5000
heap
page read and write
7C0000
direct allocation
page read and write
1DB9F000
heap
page read and write
A61000
unkown
page execute and write copy
1DBC5000
heap
page read and write
1D75F000
stack
page read and write
4521000
heap
page read and write
4F71000
heap
page read and write
624000
heap
page read and write
1DBBB000
heap
page read and write
6AE000
stack
page read and write
F59000
unkown
page write copy
61EB4000
direct allocation
page read and write
6E4000
heap
page read and write
13A4000
heap
page read and write
1DBBA000
heap
page read and write
15A3000
heap
page read and write
7A0000
direct allocation
page read and write
2D9E000
stack
page read and write
33B000
unkown
page execute and read and write
15A1000
heap
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
52A0000
direct allocation
page execute and read and write
7A0000
direct allocation
page read and write
1DCB0000
trusted library allocation
page read and write
6A60000
heap
page read and write
3C5F000
stack
page read and write
4B20000
direct allocation
page execute and read and write
13A4000
heap
page read and write
2DDF000
stack
page read and write
13A4000
heap
page read and write
1BB000
unkown
page execute and read and write
66BE000
stack
page read and write
83F000
heap
page read and write
4F70000
heap
page read and write
335F000
stack
page read and write
5400000
direct allocation
page read and write
4521000
heap
page read and write
4E1F000
stack
page read and write
13A4000
heap
page read and write
3F1E000
stack
page read and write
47FE000
stack
page read and write
13A4000
heap
page read and write
67BF000
stack
page read and write
331E000
stack
page read and write
325B000
heap
page read and write
3CBE000
stack
page read and write
1DBC0000
heap
page read and write
14DA000
heap
page read and write
469F000
stack
page read and write
15BB000
heap
page read and write
361F000
stack
page read and write
13A4000
heap
page read and write
52D0000
direct allocation
page execute and read and write
1DBA1000
heap
page read and write
48E0000
direct allocation
page read and write
4521000
heap
page read and write
13A4000
heap
page read and write
4F71000
heap
page read and write
6E4000
heap
page read and write
7C0000
direct allocation
page read and write
1DBAB000
heap
page read and write
38FE000
stack
page read and write
13A4000
heap
page read and write
624000
heap
page read and write
4CD0000
heap
page read and write
4F60000
direct allocation
page read and write
4521000
heap
page read and write
49A0000
direct allocation
page read and write
156D000
heap
page read and write
14C0000
direct allocation
page read and write
554F000
stack
page read and write
624000
heap
page read and write
345E000
stack
page read and write
4B20000
direct allocation
page execute and read and write
11E8000
unkown
page execute and read and write
1595000
heap
page read and write
11E0000
unkown
page execute and read and write
405E000
stack
page read and write
624000
heap
page read and write
13A4000
heap
page read and write
7A0000
direct allocation
page read and write
6A3F000
stack
page read and write
1DB8D000
stack
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
1DBAB000
heap
page read and write
1DBB7000
heap
page read and write
6C500000
unkown
page readonly
3EDF000
stack
page read and write
6E4000
heap
page read and write
1DBC5000
heap
page read and write
7A0000
direct allocation
page read and write
1DA8E000
stack
page read and write
15C2000
heap
page read and write
13A5000
heap
page read and write
491F000
stack
page read and write
4521000
heap
page read and write
440000
unkown
page execute and read and write
73E000
stack
page read and write
4F71000
heap
page read and write
1D7AD000
stack
page read and write
7C0000
direct allocation
page read and write
EAD000
heap
page read and write
624000
heap
page read and write
1DCB4000
heap
page read and write
1574000
heap
page read and write
4E5E000
stack
page read and write
4F60000
direct allocation
page read and write
624000
heap
page read and write
13A4000
heap
page read and write
1553000
heap
page read and write
F3A000
unkown
page execute and read and write
B15000
unkown
page execute and read and write
138A000
unkown
page execute and write copy
1574000
heap
page read and write
13A4000
heap
page read and write
14AE000
stack
page read and write
4521000
heap
page read and write
158D000
heap
page read and write
1B9000
unkown
page write copy
4AD0000
direct allocation
page execute and read and write
3A9E000
stack
page read and write
16BF000
heap
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
4F71000
heap
page read and write
CAC000
unkown
page execute and read and write
317E000
stack
page read and write
2F1F000
stack
page read and write
624000
heap
page read and write
38DE000
stack
page read and write
F5B000
unkown
page execute and read and write
41BE000
stack
page read and write
1574000
heap
page read and write
152F000
heap
page read and write
151000
unkown
page execute and write copy
EF0000
unkown
page readonly
325E000
heap
page read and write
14B0000
heap
page read and write
13A4000
heap
page read and write
57D000
stack
page read and write
6E4000
heap
page read and write
1DBC2000
heap
page read and write
409F000
stack
page read and write
4F60000
direct allocation
page read and write
624000
heap
page read and write
4F71000
heap
page read and write
50FE000
stack
page read and write
4F84000
heap
page read and write
1574000
heap
page read and write
405F000
stack
page read and write
4B00000
direct allocation
page execute and read and write
15C3000
heap
page read and write
11E0000
heap
page read and write
4F71000
heap
page read and write
1DBD2000
heap
page read and write
76E000
stack
page read and write
4B20000
direct allocation
page execute and read and write
4521000
heap
page read and write
1DBBA000
heap
page read and write
23F44000
heap
page read and write
16B5000
heap
page read and write
1574000
heap
page read and write
7A0000
direct allocation
page read and write
48FF000
stack
page read and write
7C0000
direct allocation
page read and write
4521000
heap
page read and write
457000
unkown
page execute and write copy
10E1000
unkown
page execute and read and write
1DBD2000
heap
page read and write
152D000
heap
page read and write
42FE000
stack
page read and write
1D9ED000
stack
page read and write
4F71000
heap
page read and write
52D0000
direct allocation
page execute and read and write
417F000
stack
page read and write
161A000
heap
page read and write
165D000
heap
page read and write
52D0000
direct allocation
page execute and read and write
49A0000
direct allocation
page read and write
14C0000
direct allocation
page read and write
6E4000
heap
page read and write
3E1F000
stack
page read and write
4D0E000
stack
page read and write
156D000
heap
page read and write
1570000
heap
page read and write
3240000
heap
page read and write
4F4F000
stack
page read and write
520000
heap
page read and write
1610000
heap
page read and write
4F71000
heap
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
8E9B000
stack
page read and write
37DF000
stack
page read and write
534D000
stack
page read and write
2E9F000
stack
page read and write
624000
heap
page read and write
F0A000
unkown
page execute and read and write
37BE000
stack
page read and write
4F71000
heap
page read and write
15A3000
heap
page read and write
13A4000
heap
page read and write
7A0000
direct allocation
page read and write
4521000
heap
page read and write
13A4000
heap
page read and write
4A60000
direct allocation
page execute and read and write
311F000
stack
page read and write
303F000
stack
page read and write
4960000
heap
page read and write
5340000
direct allocation
page execute and read and write
32DF000
stack
page read and write
16AE000
heap
page read and write
51B1000
direct allocation
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
13A5000
heap
page read and write
5100000
trusted library allocation
page read and write
4521000
heap
page read and write
47BF000
stack
page read and write
6C5A0000
unkown
page readonly
159E000
heap
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
47C000
stack
page read and write
4F71000
heap
page read and write
3A1F000
stack
page read and write
156D000
heap
page read and write
4A50000
direct allocation
page execute and read and write
4F71000
heap
page read and write
624000
heap
page read and write
624000
heap
page read and write
381E000
stack
page read and write
23DA0000
heap
page read and write
FCA000
stack
page read and write
2EAF000
stack
page read and write
13A4000
heap
page read and write
4521000
heap
page read and write
1DB96000
heap
page read and write
624000
heap
page read and write
4B00000
direct allocation
page execute and read and write
6C501000
unkown
page execute read
23F35000
heap
page read and write
15A3000
heap
page read and write
339F000
stack
page read and write
7C0000
direct allocation
page read and write
11F6000
unkown
page execute and write copy
1574000
heap
page read and write
4B60000
direct allocation
page execute and read and write
2AB9C000
stack
page read and write
15C2000
heap
page read and write
1B9000
unkown
page write copy
53B0000
trusted library allocation
page read and write
391F000
stack
page read and write
13A4000
heap
page read and write
18DE000
stack
page read and write
4E0F000
stack
page read and write
1DBC5000
heap
page read and write
3D1E000
stack
page read and write
61EB7000
direct allocation
page readonly
13A4000
heap
page read and write
11F6000
unkown
page execute and write copy
299F000
stack
page read and write
1DBC1000
heap
page read and write
4A40000
direct allocation
page execute and read and write
1DBE0000
heap
page read and write
624000
heap
page read and write
13A4000
heap
page read and write
15A4000
heap
page read and write
1DBD2000
heap
page read and write
4AF0000
direct allocation
page execute and read and write
14F3000
stack
page read and write
1DBAB000
heap
page read and write
52D0000
direct allocation
page execute and read and write
55B0000
direct allocation
page execute and read and write
429F000
stack
page read and write
4521000
heap
page read and write
13A4000
heap
page read and write
624000
heap
page read and write
624000
heap
page read and write
13A4000
heap
page read and write
4F71000
heap
page read and write
1DB90000
heap
page read and write
31DE000
stack
page read and write
453F000
stack
page read and write
13A4000
heap
page read and write
4F60000
direct allocation
page read and write
431F000
stack
page read and write
11F0000
heap
page read and write
F59000
unkown
page write copy
2F2E000
stack
page read and write
1D61E000
stack
page read and write
3B9F000
stack
page read and write
81E000
heap
page read and write
31BB000
stack
page read and write
4521000
heap
page read and write
4F60000
direct allocation
page read and write
4B2C000
stack
page read and write
EF0000
unkown
page readonly
4AF0000
direct allocation
page execute and read and write
66E000
stack
page read and write
7C0000
direct allocation
page read and write
5300000
direct allocation
page execute and read and write
9230000
heap
page read and write
6C785000
unkown
page readonly
4F71000
heap
page read and write
5360000
direct allocation
page execute and read and write
435E000
stack
page read and write
14D0000
heap
page read and write
4BDE000
stack
page read and write
4521000
heap
page read and write
4BBE000
stack
page read and write
13A4000
heap
page read and write
419F000
stack
page read and write
ADF000
stack
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
359E000
stack
page read and write
23C20000
heap
page read and write
1574000
heap
page read and write
160E000
stack
page read and write
4F71000
heap
page read and write
4521000
heap
page read and write
1DBBB000
heap
page read and write
4521000
heap
page read and write
7A0000
direct allocation
page read and write
13A4000
heap
page read and write
1DBC5000
heap
page read and write
13A4000
heap
page read and write
4521000
heap
page read and write
3B5F000
stack
page read and write
1574000
heap
page read and write
A60000
unkown
page readonly
14C0000
direct allocation
page read and write
9BE000
stack
page read and write
6E4000
heap
page read and write
5150000
direct allocation
page read and write
624000
heap
page read and write
4F71000
heap
page read and write
5E8000
unkown
page execute and read and write
7990000
heap
page read and write
4A1F000
stack
page read and write
1574000
heap
page read and write
2ABA1000
heap
page read and write
315E000
stack
page read and write
4521000
heap
page read and write
624000
heap
page read and write
834000
heap
page read and write
1574000
heap
page read and write
41DF000
stack
page read and write
441F000
stack
page read and write
4461000
heap
page read and write
7A0000
direct allocation
page read and write
624000
heap
page read and write
1DBE0000
heap
page read and write
1DBD2000
heap
page read and write
4CC1000
heap
page read and write
7BE000
stack
page read and write
34FF000
stack
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
4521000
heap
page read and write
11E8000
unkown
page execute and read and write
4CC0000
heap
page read and write
1DBE0000
heap
page read and write
154B000
heap
page read and write
3EFF000
stack
page read and write
365E000
stack
page read and write
137E000
stack
page read and write
1D29E000
stack
page read and write
15BE000
heap
page read and write
4CC1000
heap
page read and write
4FD000
stack
page read and write
8E5E000
stack
page read and write
1DBAD000
heap
page read and write
80A000
heap
page read and write
13A4000
heap
page read and write
4CC1000
heap
page read and write
13A4000
heap
page read and write
5330000
direct allocation
page execute and read and write
3DDE000
stack
page read and write
305F000
stack
page read and write
4521000
heap
page read and write
4F71000
heap
page read and write
11B4000
unkown
page execute and read and write
13A4000
heap
page read and write
42DE000
stack
page read and write
4A60000
direct allocation
page execute and read and write
1574000
heap
page read and write
421E000
stack
page read and write
4F60000
direct allocation
page read and write
7C0000
direct allocation
page read and write
13A4000
heap
page read and write
14C0000
direct allocation
page read and write
2B1E000
stack
page read and write
4521000
heap
page read and write
624000
heap
page read and write
353E000
stack
page read and write
13A4000
heap
page read and write
23EE0000
heap
page read and write
1DBD2000
heap
page read and write
1574000
heap
page read and write
15A4000
heap
page read and write
13A4000
heap
page read and write
1388000
unkown
page execute and read and write
13A4000
heap
page read and write
624000
heap
page read and write
1DBE0000
heap
page read and write
6C58E000
unkown
page read and write
14C0000
direct allocation
page read and write
2ADF000
stack
page read and write
ECB000
stack
page read and write
341F000
stack
page read and write
36DE000
stack
page read and write
1DBD2000
heap
page read and write
4F71000
heap
page read and write
3D9F000
stack
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
4521000
heap
page read and write
13A4000
heap
page read and write
15BA000
heap
page read and write
389F000
stack
page read and write
624000
heap
page read and write
1663000
heap
page read and write
3A5E000
stack
page read and write
610000
heap
page read and write
4F71000
heap
page read and write
5320000
direct allocation
page execute and read and write
1DBC2000
heap
page read and write
355F000
stack
page read and write
4CCB000
stack
page read and write
67FE000
stack
page read and write
4521000
heap
page read and write
1574000
heap
page read and write
155D000
stack
page read and write
A60000
unkown
page read and write
5E0000
heap
page read and write
13A4000
heap
page read and write
1DBC5000
heap
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
2F3E000
heap
page read and write
1595000
heap
page read and write
23F4C000
heap
page read and write
11F7000
unkown
page execute and write copy
1693000
heap
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
1591000
heap
page read and write
40DE000
stack
page read and write
4521000
heap
page read and write
4CBF000
stack
page read and write
1DBA9000
heap
page read and write
7CB000
heap
page read and write
4521000
heap
page read and write
4521000
heap
page read and write
4F71000
heap
page read and write
1574000
heap
page read and write
1DBBB000
heap
page read and write
448000
unkown
page execute and read and write
13A4000
heap
page read and write
13A5000
heap
page read and write
4941000
direct allocation
page read and write
548C000
stack
page read and write
BC7000
unkown
page execute and read and write
EF0000
unkown
page read and write
624000
heap
page read and write
6E4000
heap
page read and write
2D5F000
stack
page read and write
367E000
stack
page read and write
369F000
stack
page read and write
770000
heap
page read and write
524E000
stack
page read and write
1DBE0000
heap
page read and write
3F5E000
stack
page read and write
15A3000
heap
page read and write
4521000
heap
page read and write
624000
heap
page read and write
1DBC5000
heap
page read and write
409E000
stack
page read and write
13A4000
heap
page read and write
3B3F000
stack
page read and write
23E0C000
heap
page read and write
13A4000
heap
page read and write
154F000
heap
page read and write
13A4000
heap
page read and write
3CDF000
stack
page read and write
13A4000
heap
page read and write
1550000
heap
page read and write
3F3E000
stack
page read and write
624000
heap
page read and write
2EDE000
stack
page read and write
1571000
heap
page read and write
13A4000
heap
page read and write
1574000
heap
page read and write
299F000
stack
page read and write
13A4000
heap
page read and write
13A5000
heap
page read and write
4B90000
direct allocation
page execute and read and write
4960000
trusted library allocation
page read and write
7A0000
direct allocation
page read and write
1574000
heap
page read and write
A97000
unkown
page execute and read and write
1310000
heap
page read and write
329E000
stack
page read and write
23E60000
trusted library allocation
page read and write
1574000
heap
page read and write
13A0000
heap
page read and write
4521000
heap
page read and write
319F000
stack
page read and write
1574000
heap
page read and write
15C2000
heap
page read and write
624000
heap
page read and write
EA0000
heap
page read and write
EEE000
stack
page read and write
838000
heap
page read and write
13A4000
heap
page read and write
61E00000
direct allocation
page execute and read and write
693E000
stack
page read and write
4521000
heap
page read and write
624000
heap
page read and write
1DBD1000
heap
page read and write
14C0000
direct allocation
page read and write
150000
unkown
page readonly
1DBBD000
heap
page read and write
3A1E000
stack
page read and write
4F71000
heap
page read and write
13A4000
heap
page read and write
E32000
unkown
page execute and read and write
1574000
heap
page read and write
13A5000
heap
page read and write
13A4000
heap
page read and write
4521000
heap
page read and write
2B9F000
stack
page read and write
F4A000
unkown
page execute and write copy
13A4000
heap
page read and write
13A4000
heap
page read and write
4F71000
heap
page read and write
4F71000
heap
page read and write
441E000
stack
page read and write
13A5000
heap
page read and write
1574000
heap
page read and write
23E26000
heap
page read and write
1DBE0000
heap
page read and write
1DBBE000
heap
page read and write
544C000
stack
page read and write
8D5D000
stack
page read and write
42BF000
stack
page read and write
1DBBD000
heap
page read and write
3C7F000
stack
page read and write
4CC1000
heap
page read and write
2AA9B000
stack
page read and write
39FE000
stack
page read and write
491E000
stack
page read and write
13A4000
heap
page read and write
43DF000
stack
page read and write
4461000
heap
page read and write
14C0000
direct allocation
page read and write
E8E000
stack
page read and write
14C0000
direct allocation
page read and write
13A4000
heap
page read and write
C98000
unkown
page execute and read and write
624000
heap
page read and write
55C0000
direct allocation
page execute and read and write
46BE000
stack
page read and write
13A4000
heap
page read and write
624000
heap
page read and write
13A4000
heap
page read and write
508F000
stack
page read and write
1DBC5000
heap
page read and write
13A4000
heap
page read and write
13A4000
heap
page read and write
4F71000
heap
page read and write
13A4000
heap
page read and write
4F60000
direct allocation
page read and write
624000
heap
page read and write
445F000
stack
page read and write
5400000
direct allocation
page read and write
1DBD1000
heap
page read and write
13A4000
heap
page read and write
15BA000
heap
page read and write
1DBBB000
heap
page read and write
4F60000
direct allocation
page read and write
152F000
heap
page read and write
4BB0000
direct allocation
page execute and read and write
6E4000
heap
page read and write
317F000
stack
page read and write
4A01000
direct allocation
page read and write
4460000
heap
page read and write
624000
heap
page read and write
4F71000
heap
page read and write
13A4000
heap
page read and write
6675000
heap
page read and write
52B0000
direct allocation
page execute and read and write
1BC000
stack
page read and write
15A3000
heap
page read and write
ABE000
stack
page read and write
23E60000
trusted library allocation
page read and write
13A4000
heap
page read and write
600000
heap
page read and write
13A4000
heap
page read and write
1DBE0000
heap
page read and write
72E000
stack
page read and write
624000
heap
page read and write
1571000
heap
page read and write
379E000
stack
page read and write
2E1E000
stack
page read and write
23D80000
heap
page read and write
47DF000
stack
page read and write
3BDE000
stack
page read and write
443E000
stack
page read and write
7C0000
direct allocation
page read and write
4521000
heap
page read and write
13A4000
heap
page read and write
1DBD2000
heap
page read and write
1574000
heap
page read and write
14C0000
direct allocation
page read and write
13A4000
heap
page read and write
7EA000
heap
page read and write
4F71000
heap
page read and write
F59000
unkown
page write copy
6C57D000
unkown
page readonly
13A4000
heap
page read and write
1DBC5000
heap
page read and write
2CDE000
stack
page read and write
1D3DE000
stack
page read and write
1DBB7000
heap
page read and write
1DBC5000
heap
page read and write
2F30000
heap
page read and write
289F000
stack
page read and write
7EE000
heap
page read and write
4538000
heap
page read and write
13A4000
heap
page read and write
1DBE0000
heap
page read and write
F5B000
unkown
page execute and read and write
43FE000
stack
page read and write
37DE000
stack
page read and write
624000
heap
page read and write
4B20000
direct allocation
page execute and read and write
4A5F000
stack
page read and write
4F60000
direct allocation
page read and write
13A4000
heap
page read and write
4521000
heap
page read and write
4B10000
direct allocation
page execute and read and write
13A4000
heap
page read and write
1DBE0000
heap
page read and write
1DBBB000
heap
page read and write
5590000
direct allocation
page execute and read and write
4F60000
direct allocation