IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\DocumentsJDAFHCGIJE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AEGHJKJK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\FCAAEHJDBKJJKFHJEBKF
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\JJEGCBGI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\JJEGCBGIDHCAKEBGIIDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\KJJJDHDGDAAKECAKJDAEGCBKEH
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\KKKEBKJJDGHCBGCAAKEH
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\28693bb4-0ed3-4d01-91ec-c5b3a3c7b07e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\604c7ba0-1462-4e2c-b6cc-5852ccac1294.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6cc4a2e3-2e12-4eac-bc3c-de6f57d663b1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\74222641-858d-4ed3-8c72-ea3257b22b67.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\77e43842-496a-4ddb-8ae5-ebbb7293aa3c.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e1f2bb5-4691-4ac8-8521-12393b7babc7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\bf41ea66-a520-456c-857e-531fafe195bf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6741719B-1FDC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\10503a72-a0e6-48f7-bf96-0c95f78b891c.tmp
Unicode text, UTF-8 text, with very long lines (17544), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\370dca46-4895-4c1e-87d4-1605288c47e8.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3c8aac55-256e-4169-ba62-c18bd8e216ae.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6161755c-6b9c-4e26-becf-8feba69546e4.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6bee8682-8400-47a6-b95e-706aff2c0cf3.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\71c0d66c-175a-4e81-8378-21615a44ae2f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\73b3df05-73fb-4385-b42b-6904f2394794.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\99d540c7-df4b-485c-8ebf-c0627fb5627c.tmp
Unicode text, UTF-8 text, with very long lines (17545), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9c88a6d6-6656-4575-ac6a-a8da3a5ebb13.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4539299a-e013-4690-82b4-f3d26c4e9849.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6d7ae834-c21f-4ce8-9215-08fbc7cf76c7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\74628cf2-426f-44c9-9415-16f2cf6683fe.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3adb6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c2c4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ab1a9729-29fd-4839-8fea-47c904e045c4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dd770729-a35d-4d2b-8e02-61865874e70d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ed01.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41578.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44ded.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4aa94.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3e9d4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43351.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376815773984991
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\18e15034-0db1-4a85-b421-dcad99b05aaf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\203be858-fbc5-4609-81ea-99ecd660d154.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4a99e6e3-e95b-4d84-85a3-ac552f7d1dc6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3c2c4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aef8b14e-3f48-4f4f-9dfd-bbacde0db42e.tmp
Unicode text, UTF-8 text, with very long lines (17380), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF397ad.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF397bd.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39991.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c063.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4076e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4aa75.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50a58.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a265ff14-3c46-4da4-9053-4ea2b4bd1fa3.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d7e0a9be-630d-49a8-9fd9-93d67fccedfa.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\1008361001\bca166439f.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\33921545-bb36-4483-94f4-978f8ef8587a.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\4339b3b8-d721-4e37-972f-33aa0b6dc324.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\4a0b35ed-17e4-4949-8616-fa3d05704951.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4cea1464-95e7-4a14-a729-8667e3e03640.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\b6a09b47-8aae-4b4e-8381-225f2038a228.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\c56b4337-571d-49c4-b546-bba358c1ee0f.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\d13cacc1-76e9-4061-9947-070987742f36.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\4339b3b8-d721-4e37-972f-33aa0b6dc324.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\d13cacc1-76e9-4061-9947-070987742f36.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 568
ASCII text, with very long lines (5404)
downloaded
Chrome Cache Entry: 569
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 570
ASCII text
downloaded
Chrome Cache Entry: 571
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 572
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 573
SVG Scalable Vector Graphics image
downloaded
There are 276 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2196,i,8775659685558455544,10122295161962970873,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2012,i,9669449525995071965,9129735360253068169,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3404 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
malicious
C:\Users\user\DocumentsJDAFHCGIJE.exe
"C:\Users\user\DocumentsJDAFHCGIJE.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7144 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFHCGIJE.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 7 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://sb.scorecardresearch.com/b2?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.238.49.124
https://c.msn.com/
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dllw3
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://sb.scorecardresearch.com/
unknown
https://deff.nelreports.net/api/report
unknown
http://31.41.244.11/files/random.exe1
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
http://31.41.244.11/
unknown
http://185.215.113.43/Zu7JuNko/index.php
185.215.113.43
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342188666&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342194922&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.100
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239340418546_1PNT9LCA42P8D0DO5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
185.215.113.206/c4becf79229cb002.php
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
http://185.215.113.206/c4becf79229cb002.phpZd
unknown
https://srtb.msn.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
http://185.215.113.206/c4becf79229cb002.php~Q=
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
23.219.161.132
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
23.209.72.40
https://www.msn.com/web-notification-icon-light.png
unknown
http://31.41.244.11/files/random.exe3b31
unknown
https://chromewebstore.google.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://185.215.113.206/68b591d6548ec281/nss3.dllm0
unknown
http://31.41.244.11/files/random.exephp
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342194071&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
http://31.41.244.11/files/random.exe
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342194079&w=0&anoncknm=app_anon&NoResponseBody=true
13.89.179.8
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239357296555_1NQZO136EN197N4N8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
http://185.215.113.206/68b591d6548ec281/msvcp140.dllJ
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://sb.scorecardresearch.com/b?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.238.49.124
http://185.215.113.206/c4becf79229cb002.phpSd
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
https://browser.events.data.msn.com/
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
http://31.41.244.11/files/random.exe06ncoded
unknown
http://185.215.113.43/Zu7JuNko/index.phpY
unknown
http://31.41.244.11/A
unknown
https://m.kugou.com/
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
fg.microsoft.map.fastly.net
199.232.210.172
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
172.217.17.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
18.165.220.106
www.google.com
142.250.181.100
s-part-0035.t-0009.t-msedge.net
13.107.246.63
ax-0001.ax-msedge.net
150.171.28.10
googlehosted.l.googleusercontent.com
142.250.181.97
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 6 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
13.107.246.63
s-part-0035.t-0009.t-msedge.net
United States
13.107.246.40
unknown
United States
23.44.201.18
unknown
United States
23.219.161.132
unknown
United States
162.159.61.3
chrome.cloudflare-dns.com
United States
2.16.158.75
unknown
European Union
23.219.161.135
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
unknown
United States
2.16.158.35
unknown
European Union
31.41.244.11
unknown
Russian Federation
172.217.17.78
plus.l.google.com
United States
23.33.40.146
unknown
United States
23.209.72.40
unknown
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
142.250.181.100
www.google.com
United States
18.238.49.124
unknown
United States
239.255.255.250
unknown
Reserved
23.44.201.5
unknown
United States
104.117.182.56
unknown
United States
20.75.60.91
unknown
United States
142.250.181.97
googlehosted.l.googleusercontent.com
United States
127.0.0.1
unknown
unknown
13.89.179.8
unknown
United States
There are 18 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197648
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197648
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197648
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197648
WindowTabManagerFileMappingId
There are 97 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
50E0000
direct allocation
page read and write
 malicious
B11000
unkown
page execute and read and write
 malicious
50A0000
direct allocation
page read and write
 malicious
4B40000
direct allocation
page read and write
 malicious
61E000
heap
page read and write
 malicious
3F1000
unkown
page execute and read and write
 malicious
3F1000
unkown
page execute and read and write
 malicious
4BF0000
direct allocation
page read and write
 malicious
F31000
unkown
page execute and read and write
 malicious
FFC000
unkown
page execute and read and write
435F000
stack
page read and write
519F000
stack
page read and write
1354000
heap
page read and write
233F0000
heap
page read and write
1345000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1370000
direct allocation
page read and write
B00000
heap
page read and write
2332D000
stack
page read and write
4BF0000
direct allocation
page read and write
1D1B0000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
51DE000
stack
page read and write
1354000
heap
page read and write
2E30000
direct allocation
page read and write
235B0000
trusted library allocation
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
464E000
stack
page read and write
1355000
heap
page read and write
711000
unkown
page execute and read and write
2BEF000
stack
page read and write
1354000
heap
page read and write
356E000
stack
page read and write
1354000
heap
page read and write
371E000
stack
page read and write
123E000
stack
page read and write
1354000
heap
page read and write
1D1AC000
heap
page read and write
1CFFD000
stack
page read and write
68BE000
stack
page read and write
600000
direct allocation
page read and write
1355000
heap
page read and write
61EB4000
direct allocation
page read and write
5250000
direct allocation
page execute and read and write
400E000
stack
page read and write
1354000
heap
page read and write
2E70000
direct allocation
page read and write
131F000
heap
page read and write
1354000
heap
page read and write
5240000
direct allocation
page execute and read and write
1354000
heap
page read and write
1355000
heap
page read and write
56BC000
stack
page read and write
2E30000
direct allocation
page read and write
4771000
heap
page read and write
61E01000
direct allocation
page execute read
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
600000
direct allocation
page read and write
23350000
heap
page read and write
1354000
heap
page read and write
3E5F000
stack
page read and write
1D195000
heap
page read and write
46B1000
heap
page read and write
2E6E000
stack
page read and write
352F000
stack
page read and write
1354000
heap
page read and write
511E000
stack
page read and write
450E000
stack
page read and write
600000
direct allocation
page read and write
46D0000
heap
page read and write
6C9000
unkown
page execute and read and write
1370000
direct allocation
page read and write
E3E000
heap
page read and write
48CE000
stack
page read and write
1354000
heap
page read and write
370F000
stack
page read and write
39EE000
stack
page read and write
1354000
heap
page read and write
4F1B000
stack
page read and write
1354000
heap
page read and write
4C1F000
stack
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
5270000
direct allocation
page execute and read and write
46B1000
heap
page read and write
1354000
heap
page read and write
129E000
heap
page read and write
4771000
heap
page read and write
30EF000
stack
page read and write
4D40000
direct allocation
page execute and read and write
1354000
heap
page read and write
1354000
heap
page read and write
E80000
direct allocation
page read and write
11DE000
stack
page read and write
F30000
unkown
page read and write
411E000
stack
page read and write
442F000
stack
page read and write
547D000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1D1B0000
heap
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
4771000
heap
page read and write
50DE000
stack
page read and write
12A0000
heap
page read and write
1354000
heap
page read and write
1370000
direct allocation
page read and write
1214000
heap
page read and write
452000
unkown
page execute and read and write
1354000
heap
page read and write
1370000
direct allocation
page read and write
46B1000
heap
page read and write
550000
heap
page read and write
E80000
direct allocation
page read and write
1D1A2000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
4F8000
stack
page read and write
4ADF000
stack
page read and write
2E30000
direct allocation
page read and write
3ADE000
stack
page read and write
44CF000
stack
page read and write
1214000
heap
page read and write
2BEF000
stack
page read and write
474F000
stack
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
61ED4000
direct allocation
page readonly
1210000
heap
page read and write
46B1000
heap
page read and write
E30000
heap
page read and write
1D17D000
heap
page read and write
133A000
heap
page read and write
372F000
stack
page read and write
1354000
heap
page read and write
1355000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
2AAD000
heap
page read and write
43CE000
stack
page read and write
F0A000
heap
page read and write
108E000
stack
page read and write
CFD000
stack
page read and write
4CCE000
stack
page read and write
1355000
heap
page read and write
1354000
heap
page read and write
1097000
unkown
page execute and read and write
1354000
heap
page read and write
46B1000
heap
page read and write
35CF000
stack
page read and write
34EE000
stack
page read and write
23651000
heap
page read and write
1214000
heap
page read and write
46B1000
heap
page read and write
B10000
unkown
page readonly
46B1000
heap
page read and write
3EAF000
stack
page read and write
1354000
heap
page read and write
23413000
heap
page read and write
1317000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1250000
heap
page read and write
1354000
heap
page read and write
6C9F1000
unkown
page execute read
1354000
heap
page read and write
46B1000
heap
page read and write
1CA8F000
stack
page read and write
12D0000
heap
page read and write
4771000
heap
page read and write
1327000
heap
page read and write
61ED0000
direct allocation
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
E80000
direct allocation
page read and write
44EF000
stack
page read and write
131F000
heap
page read and write
1354000
heap
page read and write
23430000
trusted library allocation
page read and write
1354000
heap
page read and write
6F80000
trusted library allocation
page read and write
23651000
heap
page read and write
600000
direct allocation
page read and write
E2C000
stack
page read and write
4771000
heap
page read and write
6D8000
heap
page read and write
130E000
heap
page read and write
158F000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4D70000
direct allocation
page execute and read and write
233F3000
heap
page read and write
12F0000
heap
page read and write
3BDF000
stack
page read and write
4D90000
direct allocation
page execute and read and write
69BF000
stack
page read and write
4771000
heap
page read and write
1370000
direct allocation
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1370000
direct allocation
page read and write
23370000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
4B30000
direct allocation
page read and write
6EF000
heap
page read and write
FB4000
unkown
page execute and read and write
1354000
heap
page read and write
488F000
stack
page read and write
1D18A000
heap
page read and write
1214000
heap
page read and write
1355000
heap
page read and write
4790000
heap
page read and write
4771000
heap
page read and write
46B1000
heap
page read and write
1370000
direct allocation
page read and write
1354000
heap
page read and write
39AF000
stack
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1322000
heap
page read and write
46B1000
heap
page read and write
4D70000
direct allocation
page execute and read and write
543F000
stack
page read and write
1354000
heap
page read and write
12AD000
heap
page read and write
46B1000
heap
page read and write
3F9F000
stack
page read and write
3FEF000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1D195000
heap
page read and write
1354000
heap
page read and write
4FE000
stack
page read and write
52E0000
direct allocation
page execute and read and write
1D18D000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1D1A8000
heap
page read and write
46B1000
heap
page read and write
AF0000
heap
page read and write
1D1AD000
heap
page read and write
1D191000
heap
page read and write
1354000
heap
page read and write
4D2F000
stack
page read and write
1D195000
heap
page read and write
1354000
heap
page read and write
43AF000
stack
page read and write
4771000
heap
page read and write
392E000
stack
page read and write
1354000
heap
page read and write
459000
unkown
page write copy
1370000
direct allocation
page read and write
46B1000
heap
page read and write
61A000
heap
page read and write
600000
direct allocation
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
6FB000
unkown
page execute and read and write
1D187000
heap
page read and write
1D189000
heap
page read and write
5200000
direct allocation
page execute and read and write
2E30000
direct allocation
page read and write
2A2B1000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
5260000
direct allocation
page execute and read and write
1D17B000
heap
page read and write
2EAE000
stack
page read and write
1354000
heap
page read and write
1D162000
heap
page read and write
312E000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
1309000
unkown
page execute and read and write
4771000
heap
page read and write
2EEF000
stack
page read and write
1D1A2000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1355000
heap
page read and write
5E7000
unkown
page execute and read and write
4B7B000
stack
page read and write
4771000
heap
page read and write
46B1000
heap
page read and write
1CEBD000
stack
page read and write
1354000
heap
page read and write
360E000
stack
page read and write
1214000
heap
page read and write
4D80000
direct allocation
page execute and read and write
1354000
heap
page read and write
DE9000
unkown
page execute and read and write
338E000
stack
page read and write
4CA0000
direct allocation
page execute and read and write
39CE000
stack
page read and write
130F000
heap
page read and write
666E000
stack
page read and write
1327000
heap
page read and write
52B0000
direct allocation
page execute and read and write
9B0000
heap
page read and write
345F000
stack
page read and write
1354000
heap
page read and write
6E9000
heap
page read and write
61ECC000
direct allocation
page read and write
4771000
heap
page read and write
4771000
heap
page read and write
61E00000
direct allocation
page execute and read and write
1354000
heap
page read and write
1317000
heap
page read and write
4780000
heap
page read and write
6FCE0000
unkown
page readonly
4C51000
heap
page read and write
4A0E000
stack
page read and write
4E00000
direct allocation
page execute and read and write
4771000
heap
page read and write
1354000
heap
page read and write
34CE000
stack
page read and write
1D1A4000
heap
page read and write
4771000
heap
page read and write
4D60000
direct allocation
page execute and read and write
49CF000
stack
page read and write
4B30000
direct allocation
page read and write
5260000
direct allocation
page execute and read and write
B72000
unkown
page execute and read and write
4771000
heap
page read and write
50E0000
direct allocation
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1214000
heap
page read and write
421F000
stack
page read and write
B11000
unkown
page execute and write copy
1354000
heap
page read and write
118E000
stack
page read and write
424F000
stack
page read and write
600000
direct allocation
page read and write
1354000
heap
page read and write
6CBD0000
unkown
page read and write
1354000
heap
page read and write
398F000
stack
page read and write
E80000
direct allocation
page read and write
1D195000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
3C1E000
stack
page read and write
1D1AC000
heap
page read and write
1354000
heap
page read and write
E80000
direct allocation
page read and write
2CEF000
stack
page read and write
6FCE1000
unkown
page execute read
46B1000
heap
page read and write
4771000
heap
page read and write
1214000
heap
page read and write
E31000
unkown
page execute and read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
41EE000
stack
page read and write
E7E000
stack
page read and write
4B76000
direct allocation
page read and write
1D1B0000
heap
page read and write
1354000
heap
page read and write
3E8F000
stack
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
233B1000
heap
page read and write
1354000
heap
page read and write
E1B000
unkown
page execute and read and write
5230000
direct allocation
page execute and read and write
1D17B000
heap
page read and write
1170000
heap
page read and write
234AE000
stack
page read and write
395F000
stack
page read and write
3A2F000
stack
page read and write
1370000
direct allocation
page read and write
1354000
heap
page read and write
4F5E000
stack
page read and write
6C9F0000
unkown
page readonly
1354000
heap
page read and write
3A6E000
stack
page read and write
416E000
stack
page read and write
2F8F000
stack
page read and write
46B1000
heap
page read and write
386F000
stack
page read and write
51F0000
direct allocation
page execute and read and write
296E000
stack
page read and write
1354000
heap
page read and write
6FD6E000
unkown
page read and write
2E30000
direct allocation
page read and write
1370000
direct allocation
page read and write
1D195000
heap
page read and write
E80000
direct allocation
page read and write
2A2B0000
heap
page read and write
1354000
heap
page read and write
3C0F000
stack
page read and write
46B1000
heap
page read and write
4BEC000
stack
page read and write
412F000
stack
page read and write
1354000
heap
page read and write
E37000
heap
page read and write
1354000
heap
page read and write
3F0000
unkown
page readonly
1354000
heap
page read and write
23657000
heap
page read and write
4771000
heap
page read and write
5200000
direct allocation
page execute and read and write
446E000
stack
page read and write
B79000
unkown
page write copy
35EF000
stack
page read and write
489E000
stack
page read and write
1D1B0000
heap
page read and write
1DC000
stack
page read and write
1323000
heap
page read and write
23330000
trusted library allocation
page read and write
37EE000
stack
page read and write
1D1A7000
heap
page read and write
46B1000
heap
page read and write
33AE000
stack
page read and write
4C4F000
stack
page read and write
1355000
heap
page read and write
6CBCF000
unkown
page write copy
1354000
heap
page read and write
2AA0000
heap
page read and write
385E000
stack
page read and write
1354000
heap
page read and write
3B2E000
stack
page read and write
46B1000
heap
page read and write
2E30000
direct allocation
page read and write
1354000
heap
page read and write
471F000
stack
page read and write
DEE000
stack
page read and write
1D195000
heap
page read and write
2F9F000
stack
page read and write
12F0000
heap
page read and write
10FD000
stack
page read and write
E20000
heap
page read and write
3FCF000
stack
page read and write
5280000
direct allocation
page execute and read and write
1D1A2000
heap
page read and write
1D195000
heap
page read and write
6A21000
heap
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
1D1AF000
heap
page read and write
1D172000
heap
page read and write
476F000
stack
page read and write
3E9E000
stack
page read and write
4C21000
heap
page read and write
46B1000
heap
page read and write
1327000
heap
page read and write
1354000
heap
page read and write
310E000
stack
page read and write
5364000
heap
page read and write
23399000
heap
page read and write
320F000
stack
page read and write
23394000
heap
page read and write
1D1A4000
heap
page read and write
4C51000
heap
page read and write
6E2000
heap
page read and write
E3B000
heap
page read and write
B7B000
unkown
page execute and read and write
4CC0000
direct allocation
page execute and read and write
4771000
heap
page read and write
1D1A2000
heap
page read and write
4771000
heap
page read and write
1D179000
heap
page read and write
3F6E000
stack
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
2A6F000
stack
page read and write
141F000
unkown
page execute and read and write
5360000
heap
page read and write
1354000
heap
page read and write
1D1A2000
heap
page read and write
2339F000
heap
page read and write
E80000
direct allocation
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4CF0000
direct allocation
page execute and read and write
1354000
heap
page read and write
1354000
heap
page read and write
98B000
stack
page read and write
461E000
stack
page read and write
1CD0F000
stack
page read and write
309F000
stack
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
4771000
heap
page read and write
46B1000
heap
page read and write
6670000
heap
page read and write
1354000
heap
page read and write
233AB000
heap
page read and write
46B1000
heap
page read and write
45B000
unkown
page execute and read and write
1D1AF000
heap
page read and write
1354000
heap
page read and write
49DE000
stack
page read and write
432E000
stack
page read and write
6B9B000
stack
page read and write
1D195000
heap
page read and write
E80000
direct allocation
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
1D195000
heap
page read and write
1D17B000
heap
page read and write
1D195000
heap
page read and write
4771000
heap
page read and write
610000
heap
page read and write
2E30000
direct allocation
page read and write
6CBD5000
unkown
page readonly
4771000
heap
page read and write
1354000
heap
page read and write
1370000
direct allocation
page read and write
1354000
heap
page read and write
130E000
heap
page read and write
55BE000
stack
page read and write
52D0000
direct allocation
page execute and read and write
1354000
heap
page read and write
1D195000
heap
page read and write
4771000
heap
page read and write
1D17F000
heap
page read and write
E9B000
heap
page read and write
2E47000
heap
page read and write
46B1000
heap
page read and write
156D000
stack
page read and write
136E000
stack
page read and write
410F000
stack
page read and write
316F000
stack
page read and write
1D18A000
heap
page read and write
46AF000
stack
page read and write
7780000
heap
page read and write
4771000
heap
page read and write
399E000
stack
page read and write
5141000
direct allocation
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
5200000
direct allocation
page execute and read and write
7911000
heap
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
23396000
heap
page read and write
1CBCF000
stack
page read and write
406F000
stack
page read and write
1354000
heap
page read and write
460F000
stack
page read and write
1354000
heap
page read and write
359F000
stack
page read and write
46B1000
heap
page read and write
D07000
unkown
page execute and read and write
1354000
heap
page read and write
132E000
stack
page read and write
37AF000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
702000
unkown
page execute and read and write
13ED000
unkown
page execute and read and write
1354000
heap
page read and write
4771000
heap
page read and write
3ECE000
stack
page read and write
1355000
heap
page read and write
1354000
heap
page read and write
4C51000
direct allocation
page read and write
4771000
heap
page read and write
677F000
stack
page read and write
46B1000
heap
page read and write
4C21000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
439E000
stack
page read and write
52A0000
direct allocation
page execute and read and write
374E000
stack
page read and write
1D16B000
heap
page read and write
46B1000
heap
page read and write
4770000
heap
page read and write
1354000
heap
page read and write
2E30000
direct allocation
page read and write
1337000
heap
page read and write
12F0000
heap
page read and write
557E000
stack
page read and write
42EF000
stack
page read and write
A8A000
stack
page read and write
1344000
heap
page read and write
600000
direct allocation
page read and write
1D187000
heap
page read and write
1354000
heap
page read and write
4DC0000
direct allocation
page execute and read and write
1354000
heap
page read and write
712000
unkown
page execute and write copy
4DE0000
direct allocation
page execute and read and write
505F000
stack
page read and write
1D1A9000
heap
page read and write
414E000
stack
page read and write
4771000
heap
page read and write
1350000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
E80000
direct allocation
page read and write
5101000
direct allocation
page read and write
4D70000
direct allocation
page execute and read and write
36AE000
stack
page read and write
3F1000
unkown
page execute and write copy
4771000
heap
page read and write
1D160000
heap
page read and write
46B1000
heap
page read and write
4771000
heap
page read and write
4C21000
heap
page read and write
E70000
heap
page read and write
23430000
trusted library allocation
page read and write
1355000
heap
page read and write
475E000
stack
page read and write
4CC0000
direct allocation
page execute and read and write
1354000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
9E0000
heap
page read and write
5210000
direct allocation
page execute and read and write
1D18A000
heap
page read and write
1354000
heap
page read and write
1D1B0000
heap
page read and write
1D18C000
heap
page read and write
1354000
heap
page read and write
2E20000
heap
page read and write
428D000
stack
page read and write
5290000
direct allocation
page execute and read and write
E6E000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
117C000
unkown
page execute and read and write
46B1000
heap
page read and write
1354000
heap
page read and write
6A30000
heap
page read and write
1354000
heap
page read and write
1370000
direct allocation
page read and write
1D194000
heap
page read and write
1354000
heap
page read and write
3A9F000
stack
page read and write
94C000
stack
page read and write
1354000
heap
page read and write
166F000
stack
page read and write
46B1000
heap
page read and write
EEE000
heap
page read and write
23400000
heap
page read and write
1354000
heap
page read and write
466E000
stack
page read and write
3DEF000
stack
page read and write
4D50000
direct allocation
page execute and read and write
5300000
direct allocation
page execute and read and write
12AA000
heap
page read and write
1D16F000
heap
page read and write
1325000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
3D5E000
stack
page read and write
1D1A2000
heap
page read and write
485F000
stack
page read and write
321E000
stack
page read and write
2322D000
stack
page read and write
12F0000
heap
page read and write
142D000
unkown
page execute and read and write
4771000
heap
page read and write
50E0000
direct allocation
page read and write
5260000
direct allocation
page execute and read and write
1D1AC000
heap
page read and write
1D1B0000
heap
page read and write
5200000
direct allocation
page execute and read and write
1354000
heap
page read and write
1354000
heap
page read and write
5240000
direct allocation
page execute and read and write
4C20000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1D172000
heap
page read and write
919C000
stack
page read and write
69F0000
heap
page read and write
FD6000
unkown
page execute and read and write
1354000
heap
page read and write
677000
heap
page read and write
44DE000
stack
page read and write
1354000
heap
page read and write
1D1A2000
heap
page read and write
1D1A7000
heap
page read and write
46B1000
heap
page read and write
51DF000
stack
page read and write
EFE000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
130E000
heap
page read and write
456F000
stack
page read and write
1354000
heap
page read and write
45B000
unkown
page execute and read and write
1355000
heap
page read and write
30CF000
stack
page read and write
3F0000
unkown
page read and write
1354000
heap
page read and write
4711000
heap
page read and write
6CB8F000
unkown
page readonly
1355000
heap
page read and write
1214000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
3C6E000
stack
page read and write
1310000
heap
page read and write
1355000
heap
page read and write
1214000
heap
page read and write
459000
unkown
page write copy
1D190000
heap
page read and write
348F000
stack
page read and write
4771000
heap
page read and write
52C0000
direct allocation
page execute and read and write
30DE000
stack
page read and write
32AF000
stack
page read and write
499F000
stack
page read and write
46B1000
heap
page read and write
46B1000
heap
page read and write
6A30000
heap
page read and write
31DF000
stack
page read and write
1416000
unkown
page execute and read and write
2FAF000
stack
page read and write
1D1A2000
heap
page read and write
5260000
direct allocation
page execute and read and write
40AE000
stack
page read and write
1354000
heap
page read and write
1D171000
heap
page read and write
46B1000
heap
page read and write
4771000
heap
page read and write
1D195000
heap
page read and write
1D1B0000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
40DF000
stack
page read and write
4771000
heap
page read and write
4774000
heap
page read and write
1D1AD000
heap
page read and write
1354000
heap
page read and write
2DEF000
stack
page read and write
46B1000
heap
page read and write
478E000
stack
page read and write
1354000
heap
page read and write
533E000
stack
page read and write
2E8E000
stack
page read and write
1355000
heap
page read and write
23659000
heap
page read and write
4771000
heap
page read and write
32EE000
stack
page read and write
1354000
heap
page read and write
1CE6F000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
E22000
unkown
page execute and read and write
4DD0000
direct allocation
page execute and read and write
1354000
heap
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
2F2E000
stack
page read and write
46B1000
heap
page read and write
46B1000
heap
page read and write
4CB0000
direct allocation
page execute and read and write
349E000
stack
page read and write
6FD5D000
unkown
page readonly
4B30000
direct allocation
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
2E30000
direct allocation
page read and write
1354000
heap
page read and write
5290000
direct allocation
page execute and read and write
306E000
stack
page read and write
F67000
unkown
page execute and read and write
1214000
heap
page read and write
459000
unkown
page write copy
46B1000
heap
page read and write
1D1AB000
heap
page read and write
43EE000
stack
page read and write
1214000
heap
page read and write
1D17B000
heap
page read and write
1354000
heap
page read and write
E80000
direct allocation
page read and write
6676000
heap
page read and write
1355000
heap
page read and write
2FEE000
stack
page read and write
600000
direct allocation
page read and write
1D1A9000
heap
page read and write
3E2E000
stack
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
662E000
stack
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
3DAE000
stack
page read and write
2AEF000
stack
page read and write
322F000
stack
page read and write
335E000
stack
page read and write
4D70000
direct allocation
page execute and read and write
6A2E000
heap
page read and write
1354000
heap
page read and write
1160000
heap
page read and write
46B1000
heap
page read and write
1D195000
heap
page read and write
1D195000
heap
page read and write
1200000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
5270000
direct allocation
page execute and read and write
78F0000
heap
page read and write
1D1A7000
heap
page read and write
324E000
stack
page read and write
1354000
heap
page read and write
1D195000
heap
page read and write
6A20000
heap
page read and write
2AEC000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
23330000
heap
page read and write
46B1000
heap
page read and write
2A1AC000
stack
page read and write
2E30000
direct allocation
page read and write
6C9C000
stack
page read and write
139E000
heap
page read and write
1214000
heap
page read and write
342E000
stack
page read and write
1354000
heap
page read and write
366F000
stack
page read and write
125A000
heap
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
6CBCE000
unkown
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1214000
heap
page read and write
1354000
heap
page read and write
1D18C000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
3D6F000
stack
page read and write
23391000
heap
page read and write
6C9000
unkown
page execute and read and write
5090000
trusted library allocation
page read and write
4771000
heap
page read and write
46B0000
heap
page read and write
E0E000
stack
page read and write
1354000
heap
page read and write
381F000
stack
page read and write
1355000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
4B4E000
stack
page read and write
600000
direct allocation
page read and write
600000
direct allocation
page read and write
12CB000
heap
page read and write
33EF000
stack
page read and write
15D3000
unkown
page execute and read and write
2D6E000
stack
page read and write
2E30000
direct allocation
page read and write
712000
unkown
page execute and write copy
4771000
heap
page read and write
5F0000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
2A2AC000
stack
page read and write
600000
direct allocation
page read and write
46B1000
heap
page read and write
46B1000
heap
page read and write
5E7000
unkown
page execute and read and write
1214000
heap
page read and write
1D187000
heap
page read and write
1355000
heap
page read and write
1D18C000
heap
page read and write
1D18C000
heap
page read and write
131F000
heap
page read and write
8B8000
unkown
page execute and write copy
1354000
heap
page read and write
388E000
stack
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1338000
heap
page read and write
4771000
heap
page read and write
1D191000
heap
page read and write
1D280000
trusted library allocation
page read and write
4C2B000
stack
page read and write
38EF000
stack
page read and write
3B0E000
stack
page read and write
4771000
heap
page read and write
3AEF000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4BF0000
direct allocation
page read and write
1354000
heap
page read and write
2E97000
heap
page read and write
1327000
heap
page read and write
1354000
heap
page read and write
152E000
stack
page read and write
1D198000
heap
page read and write
452E000
stack
page read and write
6DD000
heap
page read and write
E80000
direct allocation
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
2AA7000
heap
page read and write
4771000
heap
page read and write
1D171000
heap
page read and write
1D1AC000
heap
page read and write
47B0000
trusted library allocation
page read and write
4B0F000
stack
page read and write
4B1E000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
302F000
stack
page read and write
1354000
heap
page read and write
687F000
stack
page read and write
38AE000
stack
page read and write
E31000
unkown
page execute and write copy
15D4000
unkown
page execute and write copy
1D1AF000
heap
page read and write
1D1B0000
heap
page read and write
3F0000
unkown
page read and write
459000
unkown
page write copy
702000
unkown
page execute and read and write
5280000
direct allocation
page execute and read and write
1354000
heap
page read and write
23330000
trusted library allocation
page read and write
600000
direct allocation
page read and write
5200000
direct allocation
page execute and read and write
4C90000
direct allocation
page execute and read and write
1370000
direct allocation
page read and write
DFC000
stack
page read and write
4CD0000
direct allocation
page execute and read and write
1D1A2000
heap
page read and write
139A000
heap
page read and write
1355000
heap
page read and write
4771000
heap
page read and write
6CC000
heap
page read and write
1354000
heap
page read and write
1CACE000
stack
page read and write
6FD72000
unkown
page readonly
45AE000
stack
page read and write
426F000
stack
page read and write
2E80000
direct allocation
page execute and read and write
FD8000
unkown
page execute and write copy
46B1000
heap
page read and write
1354000
heap
page read and write
3F2F000
stack
page read and write
EBE000
stack
page read and write
1CC0E000
stack
page read and write
7788000
heap
page read and write
4F3000
stack
page read and write
331F000
stack
page read and write
2E40000
heap
page read and write
3F0000
unkown
page readonly
2E30000
direct allocation
page read and write
E25000
heap
page read and write
1D1B0000
heap
page read and write
1355000
heap
page read and write
540000
heap
page read and write
2E2F000
stack
page read and write
E80000
direct allocation
page read and write
4771000
heap
page read and write
61ECD000
direct allocation
page readonly
1355000
heap
page read and write
1354000
heap
page read and write
462F000
stack
page read and write
1354000
heap
page read and write
5220000
direct allocation
page execute and read and write
1354000
heap
page read and write
2E6F000
stack
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
1D1AA000
heap
page read and write
E80000
direct allocation
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
46B1000
heap
page read and write
2E30000
direct allocation
page read and write
46B1000
heap
page read and write
4771000
heap
page read and write
EDA000
heap
page read and write
142D000
unkown
page execute and write copy
1354000
heap
page read and write
233A7000
heap
page read and write
6DDE000
stack
page read and write
2E4E000
heap
page read and write
142E000
unkown
page execute and write copy
1D1A2000
heap
page read and write
F00000
heap
page read and write
1354000
heap
page read and write
E32000
unkown
page execute and write copy
1354000
heap
page read and write
7910000
heap
page read and write
3ACF000
stack
page read and write
509E000
stack
page read and write
1D1A9000
heap
page read and write
8DE000
stack
page read and write
46B1000
heap
page read and write
117A000
unkown
page read and write
1354000
heap
page read and write
1D195000
heap
page read and write
1D194000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
1CFBE000
stack
page read and write
1D1A2000
heap
page read and write
692000
heap
page read and write
2E90000
heap
page read and write
5230000
direct allocation
page execute and read and write
3FDE000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
A1F000
stack
page read and write
1319000
heap
page read and write
31AE000
stack
page read and write
8B6000
unkown
page execute and read and write
1354000
heap
page read and write
4771000
heap
page read and write
909C000
stack
page read and write
1354000
heap
page read and write
1355000
heap
page read and write
51E0000
direct allocation
page execute and read and write
3D1F000
stack
page read and write
12AF000
heap
page read and write
131C000
heap
page read and write
438F000
stack
page read and write
1D0FC000
stack
page read and write
1354000
heap
page read and write
130E000
heap
page read and write
5A5000
heap
page read and write
35DE000
stack
page read and write
1D1B0000
heap
page read and write
1D18B000
heap
page read and write
3CAF000
stack
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
2A160000
heap
page read and write
4DB0000
direct allocation
page execute and read and write
4E10000
direct allocation
page execute and read and write
4771000
heap
page read and write
1D18D000
heap
page read and write
1D28E000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
2A70000
heap
page read and write
E80000
direct allocation
page read and write
3D4F000
stack
page read and write
1354000
heap
page read and write
1355000
heap
page read and write
1D179000
heap
page read and write
1354000
heap
page read and write
402E000
stack
page read and write
F31000
unkown
page execute and write copy
600000
direct allocation
page read and write
E90000
heap
page read and write
4D70000
direct allocation
page execute and read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
8B8000
unkown
page execute and write copy
1D18C000
heap
page read and write
5260000
direct allocation
page execute and read and write
1355000
heap
page read and write
6CDE000
stack
page read and write
362E000
stack
page read and write
4771000
heap
page read and write
1354000
heap
page read and write
61EB7000
direct allocation
page readonly
1354000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1D18D000
heap
page read and write
425E000
stack
page read and write
521F000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
711000
unkown
page execute and write copy
1D215000
heap
page read and write
41AF000
stack
page read and write
4CE0000
direct allocation
page execute and read and write
23649000
heap
page read and write
1D1B0000
heap
page read and write
1354000
heap
page read and write
1D1B0000
heap
page read and write
1CD6E000
stack
page read and write
8B6000
unkown
page execute and read and write
1354000
heap
page read and write
36DF000
stack
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
336F000
stack
page read and write
125E000
heap
page read and write
1317000
heap
page read and write
1354000
heap
page read and write
711000
unkown
page execute and read and write
FE5000
unkown
page execute and read and write
4771000
heap
page read and write
46B7000
heap
page read and write
B79000
unkown
page write copy
3EEE000
stack
page read and write
12D8000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
384F000
stack
page read and write
2E70000
direct allocation
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
1354000
heap
page read and write
5250000
direct allocation
page execute and read and write
6FB000
unkown
page execute and read and write
1354000
heap
page read and write
3D8E000
stack
page read and write
91E000
stack
page read and write
6675000
heap
page read and write
2FCB000
stack
page read and write
4771000
heap
page read and write
4DA0000
direct allocation
page execute and read and write
5A0000
heap
page read and write
42AE000
stack
page read and write
4771000
heap
page read and write
5200000
direct allocation
page execute and read and write
3C2F000
stack
page read and write
4771000
heap
page read and write
1D195000
heap
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
1D17B000
heap
page read and write
449F000
stack
page read and write
1354000
heap
page read and write
4771000
heap
page read and write
4C51000
heap
page read and write
4771000
heap
page read and write
4C52000
heap
page read and write
1D1B0000
heap
page read and write
1214000
heap
page read and write
1168000
unkown
page execute and read and write
1D1A2000
heap
page read and write
1354000
heap
page read and write
117A000
unkown
page write copy
4771000
heap
page read and write
F30000
unkown
page readonly
376E000
stack
page read and write
1D195000
heap
page read and write
1354000
heap
page read and write
45DF000
stack
page read and write
46B1000
heap
page read and write
2D2F000
stack
page read and write
1354000
heap
page read and write
46B1000
heap
page read and write
1354000
heap
page read and write
52A0000
direct allocation
page execute and read and write
3B6F000
stack
page read and write
1D1AB000
heap
page read and write
46B1000
heap
page read and write
1D195000
heap
page read and write
1354000
heap
page read and write
46C0000
heap
page read and write
1354000
heap
page read and write
52DE000
stack
page read and write
662000
heap
page read and write
1354000
heap
page read and write
1D18E000
heap
page read and write
452000
unkown
page execute and read and write
2E30000
direct allocation
page read and write
1354000
heap
page read and write
1D1B0000
heap
page read and write
3BAE000
stack
page read and write
4D70000
direct allocation
page execute and read and write
46B1000
heap
page read and write
B10000
unkown
page read and write
1D17B000
heap
page read and write
46B1000
heap
page read and write
1D18C000
heap
page read and write
46B1000
heap
page read and write
131F000
heap
page read and write
334F000
stack
page read and write
61ED3000
direct allocation
page read and write
131F000
heap
page read and write
1355000
heap
page read and write
1390000
heap
page read and write
711000
unkown
page execute and write copy
1354000
heap
page read and write
5260000
direct allocation
page execute and read and write
1354000
heap
page read and write
4C7F000
stack
page read and write
34AF000
stack
page read and write
3CED000
stack
page read and write
1370000
direct allocation
page read and write
4771000
heap
page read and write
5EE000
stack
page read and write
1D195000
heap
page read and write
326E000
stack
page read and write
1354000
heap
page read and write
3F1000
unkown
page execute and write copy
4771000
heap
page read and write
4771000
heap
page read and write
52F0000
direct allocation
page execute and read and write
4BB0000
trusted library allocation
page read and write
1354000
heap
page read and write
2C2E000
stack
page read and write
1D183000
heap
page read and write
3C4E000
stack
page read and write
5260000
direct allocation
page execute and read and write
1355000
heap
page read and write
235AE000
stack
page read and write
1354000
heap
page read and write
600000
direct allocation
page read and write
5060000
trusted library allocation
page read and write
1354000
heap
page read and write
There are 1219 hidden memdumps, click here to show them.