IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\DocumentsIEBFHCAKFB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AEBGIEGCFHCFHIDHIJEC
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\ProgramData\CFIIIJJKJKFHIDGDBAKJEBKEGC
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\DGDBKFBA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DGDBKFBAKFBFHIECFBFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\EBAKKFHJDBKKEBFHDAAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\IDHIDBAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\ProgramData\KJEHDHIEGIIIDHIDHDHJJKJKJJ
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1f6e1b8d-d43f-4e86-a1e6-cbe6ae8b9a66.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\30639763-4b97-4c6d-ace9-af02acbb9b25.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\30e200b7-4dbe-4767-8ba9-1d08edf566e0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\70c4c8eb-3053-401a-a513-5418b2ead836.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\85f71161-a94e-4de3-a6e1-f191aa785aea.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\9a8aace5-cd32-49c4-a087-1fba766c0784.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67424231-22F0.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3e32dacc-915b-4b72-a3aa-da476cea9660.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4766c49b-ea49-49cc-8ccf-eb7047c38db6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4b45d5df-1613-481c-ab8c-132c65bbdeac.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\50f6d5b9-47ff-417c-89ef-8705e99eabb5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6820e650-d37c-4500-b987-168cf3904b92.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\90f53db5-99fc-4187-b95d-978fc7e67c43.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3958430f-1566-4ccf-905c-592e48d9e224.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\39b6ee48-2e02-46d6-8151-a00a3db7fe1c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4c417.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ae13.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ce3e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b7991799-f9b5-4f53-8a80-c928140aedf8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\cfb3a9bf-ec47-42f8-948f-67466d51b645.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d8466bf1-63b8-4a95-8f02-455b2ef97a5c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dbe54d81-fa63-4a71-b0ef-3cc749768f45.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f87a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF43e5d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b39d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3f53e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376869171927577
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\20832809-0002-4f3d-aedc-e4fcd6583289.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\555ecb09-dc7d-44f9-878d-1ead3add59ab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6868b288-e050-4103-943b-bbca4ab66ce6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3ce3e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e0b87adc-3ed8-4da5-ac08-b1d3596272fe.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a06c1dec-08a8-4227-a5b1-81a5b95f4f16.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e2c299db-6d37-4b01-a3b8-4c1e45232b03.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ed14a95b-1511-43ab-8284-1c5b2dda97d2.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a0a6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a0b6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a24c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c94c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b35e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50ecc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c5399dc4-2e1b-43ec-be44-1d5b9fe9da37.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fc89c950-f4b3-4a8b-8fcd-9984e8910f4f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\09e9d01c-a09b-46d8-981b-125dc2e46f0c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\0f211ae6-4574-4ca9-bf2f-4f4a472250c2.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\4711f56c-e10a-4c1b-b138-41225e4393e1.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\9654f70b-d41e-4a3e-a9f9-ab4adb4c1591.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3
dropped
C:\Users\user\AppData\Local\Temp\c6d2fb51-95cf-4e7f-8e98-8b1c45d3c744.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\d44d1cd6-52d0-414c-8a27-982d18463763.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\f396d042-c9e9-45e0-b641-f620fec2cc5a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1415441098\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1415441098\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1415441098\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1415441098\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1415441098\c6d2fb51-95cf-4e7f-8e98-8b1c45d3c744.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\09e9d01c-a09b-46d8-981b-125dc2e46f0c.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (3777)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8944_1616840605\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (3782)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Windows\Tasks\skotes.job
data
dropped
Chrome Cache Entry: 335
ASCII text, with very long lines (764)
downloaded
Chrome Cache Entry: 336
ASCII text, with very long lines (2586)
downloaded
Chrome Cache Entry: 337
ASCII text
downloaded
Chrome Cache Entry: 338
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 339
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 340
SVG Scalable Vector Graphics image
downloaded
263 additional files are not shown.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2168,i,15450045308724304407,3334776206142890789,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2412,i,7409656468165010788,2301756924555516473,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1984,i,13239440553099230890,9220133317394539061,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6568 --field-trial-handle=1984,i,13239440553099230890,9220133317394539061,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6736 --field-trial-handle=1984,i,13239440553099230890,9220133317394539061,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7328 --field-trial-handle=1984,i,13239440553099230890,9220133317394539061,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7328 --field-trial-handle=1984,i,13239440553099230890,9220133317394539061,262144 /prefetch:8
malicious
C:\Users\user\DocumentsIEBFHCAKFB.exe
"C:\Users\user\DocumentsIEBFHCAKFB.exe"
malicious
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6444 --field-trial-handle=1984,i,13239440553099230890,9220133317394539061,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsIEBFHCAKFB.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
6 additional processes are not shown.

URLs

Name
IP
Malicious
http://185.215.113.206/68b591d6548ec281/softokn3.dll
185.215.113.206
https://duckduckgo.com/chrome_newtab
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-2.2.2&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732395573000&w=0&anoncknm=app_anon
52.168.112.67
https://duckduckgo.com/ac/?q=
unknown
http://185.215.113.206/
185.215.113.206
http://www.broofa.com
unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
unknown
https://assets2.msn.com/bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js
23.209.72.33
https://ntp.msn.com/_default
unknown
https://www.last.fm/
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
https://www.instagram.com
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239379451728_14XNMF6X4FSK32IPX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://web.skype.com/?browsername=edge_canary_shoreline
unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dll
185.215.113.206
https://drive.google.com/
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll
185.215.113.206
https://www.messenger.com
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.181.68
http://185.215.113.206/c4becf79229cb002.php4f
unknown
https://unitedstates4.ss.wd.microsoft.us/
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://web.telegram.org/
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://mozilla.org0/
unknown
http://185.215.113.206/c4becf79229cb002.php#
unknown
https://drive-daily-2.corp.google.com/
unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://drive-daily-4.corp.google.com/
unknown
https://vibe.naver.com/today
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com
unknown
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://185.215.113.206/c4becf79229cb002.php7
unknown
http://185.215.113.206ngineer
unknown
https://drive-daily-5.corp.google.com/
unknown
https://play.google.com/log?format=json&hasfast=true
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://www.google.com/chrome
unknown
https://www.tiktok.com/
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
unknown
http://185.215.113.16/mine/random.exek
unknown
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
unknown
https://chrome.google.com/webstore/
unknown
https://y.music.163.com/m/
unknown
https://unitedstates2.ss.wd.microsoft.us/
unknown
https://bard.google.com/
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
185.215.113.206
https://web.whatsapp.com
unknown
https://m.kugou.com/
unknown
http://185.215.113.206/c4becf79229cb002.phpd
unknown
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239379451727_17498QGLTWDI94GLW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
172.217.19.225
http://185.215.113.16/mine/random.exe
185.215.113.16
https://powerpoint.new?from=EdgeM365Shoreline
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://185.215.113.206/68b591d6548ec281/sqlite3.dll
185.215.113.206
https://tse1.mm.bing.net/th?id=OADD2.10239379264246_1WZI9SDGXO2UI868L&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
unknown
https://tidal.com/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://tse1.mm.bing.net/th?id=OADD2.10239379264247_1V1UB3I9T9AQAMZ40&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
150.171.27.10
https://gaana.com/
unknown
https://drive-staging.corp.google.com/
unknown
https://outlook.live.com/mail/compose?isExtension=true
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://185.215.113.206/c4becf79229cb002.phptemDrive=C:System
unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll
185.215.113.206
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
unknown
https://apis.google.com
unknown
https://ntp.msn.com/
unknown
http://www.sqlite.org/copyright.html.
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
unknown
https://latest.web.skype.com/?browsername=edge_canary_shoreline
unknown
https://ntp.msn.com/ntp.msn.com_default
unknown
https://word.new?from=EdgeM365Shoreline
unknown
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
unknown
https://outlook.office.com/mail/0/
unknown
https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
150.171.27.10
https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://m.soundcloud.com/
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
unknown
90 additional URLs are not shown.

Domains

Name
IP
Malicious
fg.microsoft.map.fastly.net
199.232.214.172
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
172.217.17.78
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
sb.scorecardresearch.com
3.160.188.68
www.google.com
142.250.181.68
googlehosted.l.googleusercontent.com
172.217.19.225
ax-0001.ax-msedge.net
150.171.27.10
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
apis.google.com
unknown
api.msn.com
unknown
5 additional domains are not shown.

IPs

IP
Domain
Country
Malicious
185.215.113.43
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
185.215.113.16
unknown
Portugal
malicious
185.215.113.206
unknown
Portugal
malicious
3.160.188.68
sb.scorecardresearch.com
United States
13.107.246.40
unknown
United States
172.217.19.225
googlehosted.l.googleusercontent.com
United States
162.159.61.3
unknown
United States
23.43.85.29
unknown
United States
142.250.181.68
www.google.com
United States
23.209.72.33
unknown
United States
52.168.112.67
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
172.217.17.78
plus.l.google.com
United States
94.245.104.56
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
United Kingdom
239.255.255.250
unknown
Reserved
23.209.72.42
unknown
United States
23.59.251.201
unknown
United States
127.0.0.1
unknown
unknown
9 additional IPs are not shown.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197730
WindowTabManagerFileMappingId
95 additional registry entries are not shown.

Memdumps

Base Address
Regiontype
Protect
Malicious
4C00000
direct allocation
page read and write
malicious
137E000
heap
page read and write
malicious
11000
unkown
page execute and read and write
malicious
E1000
unkown
page execute and read and write
malicious
8C1000
unkown
page execute and read and write
malicious
48B0000
direct allocation
page read and write
malicious
51F0000
direct allocation
page read and write
malicious
page read and write
EF4000
heap
page read and write
1D9AC000
heap
page read and write
EF4000
heap
page read and write
4D61000
heap
page read and write
1484000
heap
page read and write
4D61000
heap
page read and write
49CE000
stack
page read and write
1D9CA000
heap
page read and write
D7F000
heap
page read and write
72A0000
heap
page read and write
DB0000
heap
page read and write
4C4E000
stack
page read and write
4D3F000
stack
page read and write
1D992000
heap
page read and write
D59000
heap
page read and write
DC1000
heap
page read and write
EF4000
heap
page read and write
1D30E000
stack
page read and write
1D991000
heap
page read and write
1484000
heap
page read and write
1D9C2000
heap
page read and write
3C1F000
stack
page read and write
1D9C2000
heap
page read and write
1D9C7000
heap
page read and write
4760000
direct allocation
page read and write
23A92000
heap
page read and write
1D99B000
heap
page read and write
4D61000
heap
page read and write
4C3E000
stack
page read and write
EF4000
heap
page read and write
4A60000
direct allocation
page execute and read and write
1484000
heap
page read and write
DED000
heap
page read and write
1D9B5000
heap
page read and write
3F5E000
stack
page read and write
EF4000
heap
page read and write
1D87D000
stack
page read and write
6C970000
unkown
page readonly
1484000
heap
page read and write
1D9CF000
heap
page read and write
EF4000
heap
page read and write
488E000
stack
page read and write
4D61000
heap
page read and write
1D9AB000
heap
page read and write
4ACF000
stack
page read and write
62CE000
stack
page read and write
EF4000
heap
page read and write
39E000
unkown
page execute and read and write
9D0000
direct allocation
page read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
6CA10000
unkown
page readonly
1D9B5000
heap
page read and write
72A9000
heap
page read and write
1D980000
heap
page read and write
61ECD000
direct allocation
page readonly
EF4000
heap
page read and write
DD7000
heap
page read and write
3ACE000
stack
page read and write
4D80000
direct allocation
page execute and read and write
4860000
trusted library allocation
page read and write
EF4000
heap
page read and write
628F000
stack
page read and write
EF4000
heap
page read and write
5226000
direct allocation
page read and write
1D9AC000
heap
page read and write
1D9AD000
heap
page read and write
EF4000
heap
page read and write
1484000
heap
page read and write
2A7F000
stack
page read and write
6CBAF000
unkown
page readonly
261E000
stack
page read and write
2ADE000
heap
page read and write
4AC0000
direct allocation
page execute and read and write
1D9CB000
heap
page read and write
438D000
stack
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
DCF000
heap
page read and write
DB0000
heap
page read and write
7430000
heap
page read and write
EF4000
heap
page read and write
1484000
heap
page read and write
EF4000
heap
page read and write
23D32000
heap
page read and write
4D61000
heap
page read and write
1DAA0000
trusted library allocation
page read and write
319E000
stack
page read and write
23A10000
heap
page read and write
975000
unkown
page execute and read and write
4D61000
heap
page read and write
1D9D0000
heap
page read and write
EF4000
heap
page read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
1D9D0000
heap
page read and write
1484000
heap
page read and write
1D9AA000
heap
page read and write
EF4000
heap
page read and write
3A8F000
stack
page read and write
4D61000
heap
page read and write
4AD0000
direct allocation
page execute and read and write
305000
unkown
page execute and read and write
28DF000
stack
page read and write
EF4000
heap
page read and write
4D50000
direct allocation
page read and write
1D9A7000
heap
page read and write
1D9AD000
heap
page read and write
7B000
unkown
page execute and read and write
573000
unkown
page execute and read and write
EF4000
heap
page read and write
10000
unkown
page readonly
EF4000
heap
page read and write
DC9000
heap
page read and write
39DE000
stack
page read and write
EF5000
heap
page read and write
1484000
heap
page read and write
655C000
stack
page read and write
EF4000
heap
page read and write
4D4F000
stack
page read and write
4D90000
direct allocation
page execute and read and write
13F2000
heap
page read and write
1484000
heap
page read and write
1484000
heap
page read and write
D00000
heap
page read and write
448F000
stack
page read and write
A27000
unkown
page execute and read and write
355E000
stack
page read and write
D50000
heap
page read and write
4D61000
heap
page read and write
38DF000
stack
page read and write
4E00000
direct allocation
page execute and read and write
6CBF0000
unkown
page read and write
4760000
direct allocation
page read and write
4D50000
direct allocation
page read and write
26D7000
heap
page read and write
EF4000
heap
page read and write
B0A000
heap
page read and write
EF4000
heap
page read and write
103E000
stack
page read and write
EF4000
heap
page read and write
23A50000
heap
page read and write
4DF0000
direct allocation
page execute and read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
AFE000
stack
page read and write
401E000
stack
page read and write
1D9B0000
heap
page read and write
DB4000
unkown
page execute and write copy
D9B000
unkown
page execute and read and write
EF4000
heap
page read and write
1D999000
heap
page read and write
4A30000
direct allocation
page execute and read and write
D5D000
heap
page read and write
EF4000
heap
page read and write
4D61000
heap
page read and write
310B000
heap
page read and write
D74000
unkown
page execute and read and write
2CB000
unkown
page execute and read and write
DDB000
heap
page read and write
EF4000
heap
page read and write
4D61000
heap
page read and write
1D9C2000
heap
page read and write
1484000
heap
page read and write
334E000
stack
page read and write
1484000
heap
page read and write
23A10000
trusted library allocation
page read and write
EF4000
heap
page read and write
3A5E000
stack
page read and write
9D0000
direct allocation
page read and write
1D6DE000
stack
page read and write
1D9CF000
heap
page read and write
4760000
direct allocation
page read and write
EF4000
heap
page read and write
23A86000
heap
page read and write
4D61000
heap
page read and write
4A30000
direct allocation
page execute and read and write
24DE000
stack
page read and write
523C000
stack
page read and write
1D9B5000
heap
page read and write
375E000
stack
page read and write
1D9C9000
heap
page read and write
1D9C2000
heap
page read and write
2A1E000
stack
page read and write
EF4000
heap
page read and write
DA5000
heap
page read and write
311E000
stack
page read and write
1484000
heap
page read and write
1D9B5000
heap
page read and write
1D9AC000
heap
page read and write
DD7000
heap
page read and write
EF4000
heap
page read and write
DC9000
heap
page read and write
4D80000
heap
page read and write
344F000
stack
page read and write
DCF000
heap
page read and write
1D9AA000
heap
page read and write
1D9C2000
heap
page read and write
DD2000
heap
page read and write
EF4000
heap
page read and write
3C9F000
stack
page read and write
79000
unkown
page write copy
DD7000
heap
page read and write
CFA000
stack
page read and write
944000
unkown
page execute and read and write
4D61000
heap
page read and write
23AD2000
heap
page read and write
4DC0000
direct allocation
page execute and read and write
4D50000
direct allocation
page read and write
4760000
direct allocation
page read and write
97B000
stack
page read and write
DDB000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
107E000
stack
page read and write
EF4000
heap
page read and write
460E000
stack
page read and write
1D9C9000
heap
page read and write
61ED3000
direct allocation
page read and write
EF4000
heap
page read and write
3A1F000
stack
page read and write
8C0000
unkown
page read and write
315F000
stack
page read and write
EF4000
heap
page read and write
7431000
heap
page read and write
4BB0000
trusted library allocation
page read and write
399F000
stack
page read and write
1484000
heap
page read and write
D4D000
heap
page read and write
B0C000
unkown
page execute and read and write
DD6000
heap
page read and write
4A10000
direct allocation
page execute and read and write
F3E000
stack
page read and write
3BCF000
stack
page read and write
EF4000
heap
page read and write
199E000
stack
page read and write
4A20000
direct allocation
page execute and read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
1D9D0000
heap
page read and write
4C61000
direct allocation
page read and write
EF4000
heap
page read and write
1484000
heap
page read and write
1D9B5000
heap
page read and write
EF4000
heap
page read and write
E0000
unkown
page read and write
DD7000
heap
page read and write
EF4000
heap
page read and write
23C90000
trusted library allocation
page read and write
1D40E000
stack
page read and write
2D5E000
stack
page read and write
DD6000
heap
page read and write
4D50000
direct allocation
page read and write
1D18F000
stack
page read and write
1D99B000
heap
page read and write
EF4000
heap
page read and write
23A73000
heap
page read and write
4D61000
heap
page read and write
2BDF000
stack
page read and write
8C1000
unkown
page execute and write copy
EF4000
heap
page read and write
1D99F000
heap
page read and write
4DA0000
direct allocation
page execute and read and write
61E01000
direct allocation
page execute read
1484000
heap
page read and write
2DDE000
stack
page read and write
2FDE000
stack
page read and write
4D61000
heap
page read and write
2D1F000
stack
page read and write
4D61000
heap
page read and write
1D7DD000
stack
page read and write
9D0000
direct allocation
page read and write
1484000
heap
page read and write
35CE000
stack
page read and write
9D0000
direct allocation
page read and write
EF4000
heap
page read and write
1D9C2000
heap
page read and write
DA1000
heap
page read and write
6C9FE000
unkown
page read and write
312000
unkown
page execute and read and write
1484000
heap
page read and write
149000
unkown
page write copy
EF4000
heap
page read and write
9E6000
heap
page read and write
389E000
stack
page read and write
7440000
heap
page read and write
FE0000
heap
page read and write
1D9B5000
heap
page read and write
DEE000
heap
page read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
137A000
heap
page read and write
1D9B5000
heap
page read and write
9E0000
heap
page read and write
1D98F000
heap
page read and write
1D9D0000
heap
page read and write
6040000
heap
page read and write
DA6000
unkown
page execute and read and write
269E000
stack
page read and write
1484000
heap
page read and write
D0E000
heap
page read and write
743E000
heap
page read and write
409E000
stack
page read and write
4DD0000
direct allocation
page execute and read and write
4D61000
heap
page read and write
2ABE000
stack
page read and write
669E000
stack
page read and write
30BB000
stack
page read and write
1D99B000
heap
page read and write
4421000
heap
page read and write
4D61000
heap
page read and write
4D61000
heap
page read and write
1484000
heap
page read and write
1D9C9000
heap
page read and write
1D54F000
stack
page read and write
640E000
stack
page read and write
1D08E000
stack
page read and write
1D9B5000
heap
page read and write
142000
unkown
page execute and read and write
EF4000
heap
page read and write
1D9B1000
heap
page read and write
410E000
stack
page read and write
23D2B000
heap
page read and write
23D3A000
heap
page read and write
DC2000
heap
page read and write
EF4000
heap
page read and write
1484000
heap
page read and write
B0A000
unkown
page read and write
EF4000
heap
page read and write
4D50000
direct allocation
page read and write
3D5000
unkown
page execute and read and write
44CE000
stack
page read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
4D50000
direct allocation
page read and write
411F000
stack
page read and write
3E1E000
stack
page read and write
1D97D000
stack
page read and write
4B0E000
stack
page read and write
4D89000
stack
page read and write
EF5000
heap
page read and write
1D9C2000
heap
page read and write
EF5000
heap
page read and write
DB5000
unkown
page execute and write copy
679F000
stack
page read and write
EF4000
heap
page read and write
341E000
stack
page read and write
EF4000
heap
page read and write
4A30000
direct allocation
page execute and read and write
1D9CF000
heap
page read and write
1D99B000
heap
page read and write
4D61000
heap
page read and write
6CA11000
unkown
page execute read
310E000
heap
page read and write
DCF000
heap
page read and write
26C0000
heap
page read and write
4D50000
direct allocation
page read and write
4D50000
direct allocation
page read and write
461F000
stack
page read and write
3B1E000
stack
page read and write
40CF000
stack
page read and write
EF4000
heap
page read and write
4771000
heap
page read and write
2C1E000
stack
page read and write
4D61000
heap
page read and write
4780000
heap
page read and write
DED000
heap
page read and write
EF4000
heap
page read and write
4A3000
unkown
page execute and read and write
EF4000
heap
page read and write
1D2CF000
stack
page read and write
4D61000
heap
page read and write
4D61000
heap
page read and write
1D9C2000
heap
page read and write
2AD7000
heap
page read and write
EF4000
heap
page read and write
EF5000
heap
page read and write
EF4000
heap
page read and write
1D9C4000
heap
page read and write
4D61000
heap
page read and write
475F000
stack
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
EF5000
heap
page read and write
4D80000
direct allocation
page execute and read and write
44DF000
stack
page read and write
1D9B1000
heap
page read and write
4771000
heap
page read and write
9D0000
direct allocation
page read and write
D87000
heap
page read and write
4D61000
heap
page read and write
1D9D0000
heap
page read and write
424E000
stack
page read and write
6AA0000
trusted library allocation
page read and write
8C0000
unkown
page readonly
EF4000
heap
page read and write
23B10000
trusted library allocation
page read and write
3B5F000
stack
page read and write
3E9F000
stack
page read and write
1D99B000
heap
page read and write
2AD0000
heap
page read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
431E000
stack
page read and write
AF8000
unkown
page execute and read and write
4771000
heap
page read and write
4A00000
direct allocation
page execute and read and write
3100000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
1D9C4000
heap
page read and write
4D61000
heap
page read and write
1D9C8000
heap
page read and write
DA5000
heap
page read and write
4D61000
heap
page read and write
391E000
stack
page read and write
1D9B5000
heap
page read and write
23B8E000
stack
page read and write
134E000
stack
page read and write
4D61000
heap
page read and write
2F1E000
stack
page read and write
12FB000
stack
page read and write
329F000
stack
page read and write
4DE0000
direct allocation
page execute and read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
2B5E000
stack
page read and write
1484000
heap
page read and write
CFF000
stack
page read and write
4D80000
direct allocation
page execute and read and write
EF4000
heap
page read and write
4D80000
direct allocation
page execute and read and write
48EE000
stack
page read and write
1D9A7000
heap
page read and write
42DF000
stack
page read and write
2D9F000
stack
page read and write
4760000
direct allocation
page read and write
694B000
stack
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
1484000
heap
page read and write
4F60000
heap
page read and write
4D61000
heap
page read and write
4D50000
direct allocation
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
2C9E000
stack
page read and write
9D0000
direct allocation
page read and write
EF4000
heap
page read and write
320F000
stack
page read and write
EF4000
heap
page read and write
14B000
unkown
page execute and read and write
49EF000
stack
page read and write
61ED0000
direct allocation
page read and write
EF4000
heap
page read and write
3F8F000
stack
page read and write
1D9AD000
heap
page read and write
439F000
stack
page read and write
3EDE000
stack
page read and write
23A8F000
heap
page read and write
EF4000
heap
page read and write
149000
unkown
page write copy
1D9AC000
heap
page read and write
4D50000
direct allocation
page read and write
6CBEF000
unkown
page write copy
365F000
stack
page read and write
EF4000
heap
page read and write
79000
unkown
page write copy
2CE000
unkown
page execute and read and write
5380000
direct allocation
page execute and read and write
4D61000
heap
page read and write
8F7000
unkown
page execute and read and write
3E2000
unkown
page execute and write copy
9D0000
direct allocation
page read and write
3D4E000
stack
page read and write
1D9B8000
heap
page read and write
3ADF000
stack
page read and write
B0E000
heap
page read and write
3CB000
unkown
page execute and read and write
E0000
unkown
page readonly
5350000
direct allocation
page execute and read and write
1D9A9000
heap
page read and write
4D61000
heap
page read and write
12F2000
stack
page read and write
1484000
heap
page read and write
7440000
heap
page read and write
EF4000
heap
page read and write
23D31000
heap
page read and write
F9C000
stack
page read and write
3D5F000
stack
page read and write
1D59D000
stack
page read and write
1484000
heap
page read and write
339E000
stack
page read and write
1D9B5000
heap
page read and write
425F000
stack
page read and write
4F64000
heap
page read and write
26D0000
heap
page read and write
1484000
heap
page read and write
3FCE000
stack
page read and write
DDB000
heap
page read and write
265E000
stack
page read and write
EF4000
heap
page read and write
4F2B000
stack
page read and write
5380000
direct allocation
page execute and read and write
6C9ED000
unkown
page readonly
4DB0000
direct allocation
page execute and read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
1484000
heap
page read and write
4911000
direct allocation
page read and write
1D44E000
stack
page read and write
1D9C2000
heap
page read and write
D6F000
heap
page read and write
1470000
heap
page read and write
1DAAA000
heap
page read and write
33DF000
stack
page read and write
1D9B5000
heap
page read and write
650F000
stack
page read and write
6CA02000
unkown
page readonly
4A30000
direct allocation
page execute and read and write
470F000
stack
page read and write
312000
unkown
page execute and write copy
12F7000
stack
page read and write
4760000
direct allocation
page read and write
23A75000
heap
page read and write
EF5000
heap
page read and write
1370000
heap
page read and write
434F000
stack
page read and write
665C000
stack
page read and write
1484000
heap
page read and write
61E00000
direct allocation
page execute and read and write
1D9D0000
heap
page read and write
DED000
heap
page read and write
EF4000
heap
page read and write
1D9C2000
heap
page read and write
4D70000
heap
page read and write
1D9AA000
heap
page read and write
1484000
heap
page read and write
4D61000
heap
page read and write
4E20000
direct allocation
page execute and read and write
1D9A3000
heap
page read and write
1D9CB000
heap
page read and write
4D61000
heap
page read and write
93D000
stack
page read and write
4E60000
trusted library allocation
page read and write
EF4000
heap
page read and write
DD7000
heap
page read and write
2A7E0000
heap
page read and write
4420000
heap
page read and write
EF4000
heap
page read and write
321F000
stack
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
63CF000
stack
page read and write
405F000
stack
page read and write
61EB4000
direct allocation
page read and write
4D72000
heap
page read and write
2A7DB000
stack
page read and write
6045000
heap
page read and write
D30000
heap
page read and write
29DF000
stack
page read and write
23A30000
heap
page read and write
30DF000
stack
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
429E000
stack
page read and write
348E000
stack
page read and write
2A990000
heap
page read and write
51F0000
direct allocation
page read and write
1D9AC000
heap
page read and write
4A30000
direct allocation
page execute and read and write
313000
unkown
page execute and write copy
4760000
direct allocation
page read and write
EF4000
heap
page read and write
384E000
stack
page read and write
1D9D0000
heap
page read and write
EF4000
heap
page read and write
9D0000
direct allocation
page read and write
EF4000
heap
page read and write
4760000
direct allocation
page read and write
EF4000
heap
page read and write
358F000
stack
page read and write
1D992000
heap
page read and write
EF4000
heap
page read and write
37DE000
stack
page read and write
EF4000
heap
page read and write
1D986000
heap
page read and write
EF4000
heap
page read and write
117F000
stack
page read and write
1D9B5000
heap
page read and write
1484000
heap
page read and write
DDB000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
30FE000
stack
page read and write
23A71000
heap
page read and write
4D60000
direct allocation
page execute and read and write
23AB2000
heap
page read and write
189E000
stack
page read and write
1D9CD000
heap
page read and write
165E000
stack
page read and write
2E5F000
stack
page read and write
2EDF000
stack
page read and write
4760000
direct allocation
page read and write
498F000
stack
page read and write
EF4000
heap
page read and write
4760000
direct allocation
page read and write
1484000
heap
page read and write
4D61000
heap
page read and write
4D80000
direct allocation
page execute and read and write
25DF000
stack
page read and write
2E9E000
stack
page read and write
4A50000
direct allocation
page execute and read and write
1FB000
unkown
page execute and read and write
1D69D000
stack
page read and write
FD0000
heap
page read and write
4D70000
direct allocation
page execute and read and write
474E000
stack
page read and write
349F000
stack
page read and write
36CF000
stack
page read and write
4D61000
heap
page read and write
23A7D000
heap
page read and write
EF4000
heap
page read and write
9D0000
direct allocation
page read and write
394F000
stack
page read and write
618E000
stack
page read and write
1484000
heap
page read and write
67A0000
heap
page read and write
EF4000
heap
page read and write
13C5000
heap
page read and write
2B1F000
stack
page read and write
1D9CC000
heap
page read and write
23A89000
heap
page read and write
4D61000
heap
page read and write
EF0000
heap
page read and write
4D61000
heap
page read and write
EF4000
heap
page read and write
1D9D0000
heap
page read and write
DB0000
heap
page read and write
4A70000
direct allocation
page execute and read and write
98C000
unkown
page execute and read and write
6CBEE000
unkown
page read and write
9D0000
direct allocation
page read and write
307F000
stack
page read and write
EF4000
heap
page read and write
1D9B5000
heap
page read and write
EF4000
heap
page read and write
1D99D000
heap
page read and write
43DE000
stack
page read and write
1D9AC000
heap
page read and write
51F0000
direct allocation
page read and write
EF4000
heap
page read and write
EF4000
heap
page read and write
5360000
direct allocation
page execute and read and write
9D0000
direct allocation
page read and write
6510000
heap
page read and write
88F1000
heap
page read and write
1484000
heap
page read and write
1D9B5000
heap
page read and write
370E000
stack
page read and write
4A30000
direct allocation
page execute and read and write
1484000
heap
page read and write
2A98C000
stack
page read and write
1D1CE000
stack
page read and write
D6F000
heap
page read and write
1D9CD000
heap
page read and write
88CC000
stack
page read and write
DA1000
heap
page read and write
4E10000
direct allocation
page execute and read and write
1D9CC000
heap
page read and write
3E3000
unkown
page execute and write copy
1D9B5000
heap
page read and write
3CDE000
stack
page read and write
EF4000
heap
page read and write
3107000
heap
page read and write
1D9C7000
heap
page read and write
11000
unkown
page execute and write copy
3C5E000
stack
page read and write
48B0000
direct allocation
page read and write
1D9AE000
heap
page read and write
5350000
heap
page read and write
23D23000
heap
page read and write
441F000
stack
page read and write