Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\BAAFBFBAAKEC\AAKKKEBFC
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\DHJKJK
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\EBAFHC
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\EHIDAK
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\FIIEHJDBK
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\GIJECG
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie
0x36, schema 4, UTF-8, version-valid-for 10
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\HCBGDG
|
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version
2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\HCBGDG-shm
|
data
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\HDAKFC
|
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version
2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\HDAKFC-shm
|
data
|
dropped
|
||
|
C:\ProgramData\BAAFBFBAAKEC\JJECAA
|
ASCII text, with very long lines (1743), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\143e866c-d711-46df-8d08-83f6ff57e66f.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\44c7abec-5e61-4c54-88c9-ba6950150ec6.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\46d6dbf8-7a5d-4d8b-923d-1ddd257ccc35.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6790d195-345f-4a4c-adb1-8bf6440dc945.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67445291-1D64.pma
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1d4593ad-319d-4a17-91c3-cb420270ef48.tmp
|
Unicode text, UTF-8 text, with very long lines (17533), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\34a9345a-e8da-4d26-9188-daed980a99c4.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\41ceb599-96b5-49ed-bfd4-577df6f4893f.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\462e8309-9cda-4c9c-94f2-ac283816e65a.tmp
|
Unicode text, UTF-8 text, with very long lines (17368), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6cd9719b-a6f4-4c37-9d36-cca31a70c159.tmp
|
Unicode text, UTF-8 text, with very long lines (17183), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85879299-3e57-4e2b-9bc5-39936979e919.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5,
schema 4, UTF-8, version-valid-for 5
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
|
ASCII text, with very long lines (1597), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\02e1b5ef-b337-4c4e-b2af-64345ea11305.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\644beb23-716c-4471-8f8c-f3a81fbf1b16.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\8be50629-d5c7-4086-9dad-9f66202a7f2b.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9de0937f-b92f-4031-b3cc-dad617b69ce6.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 8
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF411cf.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4268f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fa822fd6-14d1-4f23-9dd2-3c7affcf037c.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF454f2.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF47d2b.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b10c.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF44d9f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF49576.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377004436387015
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\0dd84eb8-ee2d-4883-9b14-1c84aef16d52.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\237b71be-2451-4d85-adc7-b39870019d51.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\29d3e708-56f5-4dc1-abc4-b4828fdd9af5.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network
Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF4268f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch
Dictionaries (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust
Tokens
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d549f04c-37c4-4822-b2f2-97fce6224d63.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie
0x36, schema 4, UTF-8, version-valid-for 10
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
|
ASCII text, with very long lines (3951), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bd7418f8-a0f2-4de6-ad26-acbf6f673c08.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d044ea84-fc99-4a28-988c-7adc56c4b7eb.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f01e2021-85af-4286-a877-c1bb115acee0.tmp
|
ASCII text, with very long lines (1597), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fbe5.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fc05.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fdca.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4247c.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF46955.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
|
raw G3 (Group 3) FAX, byte-padded
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\be426f37-9411-4a75-ab08-1dac29dc46bf.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d5730f8d-1a9b-4cd0-861c-3cc5ec94062e.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\014214e0-ee21-4ca4-aa91-6e8a2cfec14b.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0fa673b3-bc62-41fb-aeab-60124d1890de.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5952f0da-9298-47c5-91a3-85504c44082d.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\b1bcff61-19fc-4c97-b9a6-510ce1a05960.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cbdde2b0-0135-4329-a3e4-8518bbf63e5e.tmp
|
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cv_debug.log
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\delays.tmp
|
DOS executable (COM)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f007b5f9-5c99-4437-9910-bdb91a320770.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\f9627de7-01a3-41a8-b4d5-cfa120235516.tmp
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\5952f0da-9298-47c5-91a3-85504c44082d.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\content.js
|
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\content_new.js
|
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\af\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\am\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ar\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\az\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\be\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\bg\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\bn\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ca\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\cs\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\cy\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\da\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\de\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\el\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en_CA\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en_GB\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en_US\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\es\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\es_419\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\et\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\eu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fa\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fi\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fil\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fr_CA\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\gl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\gu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hi\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hy\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\id\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\is\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\it\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\iw\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ja\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ka\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\kk\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\km\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\kn\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ko\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\lo\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\lt\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\lv\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ml\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\mn\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\mr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ms\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\my\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ne\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\nl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\no\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pa\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pt_BR\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pt_PT\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ro\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ru\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\si\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sk\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sl\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sv\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sw\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ta\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\te\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\th\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\tr\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\uk\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ur\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\vi\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zh_CN\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zh_HK\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zh_TW\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zu\messages.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_metadata\verified_contents.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\dasherSettingSchema.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\offscreendocument.html
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\offscreendocument_main.js
|
ASCII text, with very long lines (3777)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\page_embed_script.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\service_worker_bin_prod.js
|
ASCII text, with very long lines (3782)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\f007b5f9-5c99-4437-9910-bdb91a320770.tmp
|
Google Chrome extension, version 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 449
|
ASCII text, with very long lines (4801)
|
downloaded
|
||
|
Chrome Cache Entry: 450
|
ASCII text, with very long lines (2586)
|
downloaded
|
||
|
Chrome Cache Entry: 451
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 452
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 453
|
ASCII text, with very long lines (5162), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 454
|
SVG Scalable Vector Graphics image
|
downloaded
|
There are 267 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=2536,i,5756797432895461405,5854280884996212389,262144
/prefetch:8
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2316,i,7298558400750836120,13581212135822597317,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin
--flag-switches-end --disable-nacl --do-not-de-elevate
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService
--lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5252 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144
/prefetch:8
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor
--lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144
/prefetch:8
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker
--lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6736 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144
/prefetch:8
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout /t 10
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://b2een.xyz/freebl3.dll
|
49.13.32.95
|
|
|
|
https://b2een.xyz/softokn3.dll
|
49.13.32.95
|
|
|
|
https://b2een.xyz/
|
49.13.32.95
|
|
|
|
https://b2een.xyz/vcruntime140.dll
|
49.13.32.95
|
|
|
|
https://b2een.xyz/nss3.dll
|
49.13.32.95
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://c.msn.com/
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.070b7e2c0c11bf3433e5.js
|
23.209.72.7
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
|
unknown
|
||
|
https://ntp.msn.com/0
|
unknown
|
||
|
https://ntp.msn.com/_default
|
unknown
|
||
|
https://c.msn.com/c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
|
20.110.205.119
|
||
|
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
|
unknown
|
||
|
https://www.last.fm/
|
unknown
|
||
|
https://b2een.xyz/sqlo.dllb
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ntp.msn.cn/edge/ntp
|
unknown
|
||
|
https://sb.scorecardresearch.com/
|
unknown
|
||
|
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530856083&w=0&anoncknm=app_anon&NoResponseBody=true
|
20.50.201.195
|
||
|
https://b2een.xyz/softokn3.dll9
|
unknown
|
||
|
https://t.me/fu4chmo
|
149.154.167.99
|
||
|
https://docs.google.com/
|
unknown
|
||
|
https://c.msn.com/c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEDBCD4E4EB849C3A0914972165CB7CB&MUID=3B41451CF8CD6E141684505EF9E46F8C
|
20.110.205.119
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://www.instagram.com
|
unknown
|
||
|
https://web.skype.com/?browsername=edge_canary_shoreline
|
unknown
|
||
|
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530857078&w=0&anoncknm=app_anon&NoResponseBody=true
|
20.50.201.195
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://t.me/fu4chmor08etMozilla/5.0
|
unknown
|
||
|
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
|
unknown
|
||
|
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
|
unknown
|
||
|
https://www.messenger.com
|
unknown
|
||
|
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
|
unknown
|
||
|
https://outlook.office.com/mail/compose?isExtension=true
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.181.68
|
||
|
https://unitedstates4.ss.wd.microsoft.us/
|
unknown
|
||
|
https://i.y.qq.com/n2/m/index.html
|
unknown
|
||
|
https://www.deezer.com/
|
unknown
|
||
|
https://web.telegram.org/
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://b2een.xyzIECBKEGH
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
https://drive-daily-2.corp.google.com/
|
unknown
|
||
|
https://drive-daily-4.corp.google.com/
|
unknown
|
||
|
https://vibe.naver.com/today
|
unknown
|
||
|
https://srtb.msn.com/
|
unknown
|
||
|
https://unitedstates1.ss.wd.microsoft.us/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js
|
23.209.72.7
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://drive-daily-1.corp.google.com/
|
unknown
|
||
|
https://excel.new?from=EdgeM365Shoreline
|
unknown
|
||
|
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
|
unknown
|
||
|
https://drive-daily-5.corp.google.com/
|
unknown
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://bzib.nelreports.net/api/report?cat=bingbusiness
|
unknown
|
||
|
https://t.me/fu4chmoc
|
unknown
|
||
|
https://www.google.com/chrome
|
unknown
|
||
|
https://www.tiktok.com/
|
unknown
|
||
|
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530856086&w=0&anoncknm=app_anon&NoResponseBody=true
|
20.50.201.195
|
||
|
https://assets.msn.com/statics/icons/favicon_newtabpage.png
|
23.209.72.7
|
||
|
https://b2een.xyz/M
|
unknown
|
||
|
https://www.msn.com/web-notification-icon-light.png
|
unknown
|
||
|
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
|
unknown
|
||
|
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
|
unknown
|
||
|
https://chromewebstore.google.com/
|
unknown
|
||
|
https://drive-preprod.corp.google.com/
|
unknown
|
||
|
https://srtb.msn.cn/
|
unknown
|
||
|
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
|
unknown
|
||
|
https://msn.comXIDv10
|
unknown
|
||
|
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
|
unknown
|
||
|
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
|
unknown
|
||
|
https://chrome.google.com/webstore/
|
unknown
|
||
|
https://y.music.163.com/m/
|
unknown
|
||
|
https://b2een.xyz/msvcp140.dll2
|
unknown
|
||
|
https://unitedstates2.ss.wd.microsoft.us/
|
unknown
|
||
|
https://bard.google.com/
|
unknown
|
||
|
https://assets.msn.cn/resolver/
|
unknown
|
||
|
https://b2een.xyz/nss3.dll2
|
unknown
|
||
|
https://browser.events.data.msn.com/
|
unknown
|
||
|
https://t.me/
|
unknown
|
||
|
https://web.whatsapp.com
|
unknown
|
||
|
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530856942&w=0&anoncknm=app_anon&NoResponseBody=true
|
20.50.201.195
|
||
|
https://web.telegram.org
|
unknown
|
||
|
https://m.kugou.com/
|
unknown
|
||
|
https://www.office.com
|
unknown
|
||
|
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530850445&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true
|
20.50.201.195
|
||
|
https://outlook.live.com/mail/0/
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199802540894
|
|||
|
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
|
unknown
|
||
|
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx
|
172.217.19.225
|
||
|
https://ntp.msn.com/edge/ntp
|
unknown
|
||
|
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.4a2a9ed8240d3004231b.js
|
23.209.72.7
|
||
|
https://assets.msn.com/resolver/
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199802540894r08etMozilla/5.0
|
unknown
|
||
|
https://powerpoint.new?from=EdgeM365Shoreline
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://b2een.xyztosh;
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
b2een.xyz
|
49.13.32.95
|
|
|
|
chrome.cloudflare-dns.com
|
162.159.61.3
|
||
|
plus.l.google.com
|
142.250.181.110
|
||
|
t.me
|
149.154.167.99
|
||
|
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
|
94.245.104.56
|
||
|
www.google.com
|
142.250.181.68
|
||
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
||
|
googlehosted.l.googleusercontent.com
|
172.217.19.225
|
||
|
clients2.googleusercontent.com
|
unknown
|
||
|
bzib.nelreports.net
|
unknown
|
||
|
ntp.msn.com
|
unknown
|
||
|
apis.google.com
|
unknown
|
There are 2 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.5
|
unknown
|
unknown
|
|
|
|
49.13.32.95
|
b2een.xyz
|
Germany
|
|
|
|
13.107.246.63
|
s-part-0035.t-0009.t-msedge.net
|
United States
|
||
|
13.107.246.40
|
unknown
|
United States
|
||
|
23.96.180.189
|
unknown
|
United States
|
||
|
23.200.0.6
|
unknown
|
United States
|
||
|
20.50.201.195
|
unknown
|
United States
|
||
|
23.219.82.75
|
unknown
|
United States
|
||
|
172.217.19.225
|
googlehosted.l.googleusercontent.com
|
United States
|
||
|
149.154.167.99
|
t.me
|
United Kingdom
|
||
|
108.139.47.50
|
unknown
|
United States
|
||
|
162.159.61.3
|
chrome.cloudflare-dns.com
|
United States
|
||
|
142.250.181.68
|
www.google.com
|
United States
|
||
|
20.110.205.119
|
unknown
|
United States
|
||
|
204.79.197.219
|
unknown
|
United States
|
||
|
172.64.41.3
|
unknown
|
United States
|
||
|
204.79.197.237
|
unknown
|
United States
|
||
|
23.209.72.7
|
unknown
|
United States
|
||
|
94.245.104.56
|
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
|
United Kingdom
|
||
|
172.183.192.109
|
unknown
|
United States
|
||
|
23.44.201.8
|
unknown
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
23.44.201.4
|
unknown
|
United States
|
||
|
104.117.182.56
|
unknown
|
United States
|
||
|
23.44.201.35
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 16 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
|
Top
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
freseenversion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
freseen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
|
is_dse_recommended
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
|
is_startup_page_recommended
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dgiklkfkllikcanfonkcabmbdfmgleag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
fikbjbembnmfhppjfnmfkahdhfohhjmg
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ghbmnnjooekpmoecnnnilnnbdlolhkhi
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
iglcjdemknebjbklcgkfaebgojjphkec
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ihmafllikibpmigkcoadcmckbfhibefp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jdiccldimpdaibmpdkjnbmckianbfold
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ncbjelpjchkpbikbpkcchkhkblodoama
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
|
EdgeMUID
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
|
MUID
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ahfgeienlihckogmohjhadlkjgocpleb
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ahokoikenoafgppiblgpenaaaolecifn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
bhmhibnbialendcafinliemndanacfaj
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
bobbggphonhgdonfdibkfipfepfcildj
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ceaifoolopnigfpidlheoagpheiplgii
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
cjneempfhkonkkbcmnfdibgobmhbagaj
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dabfebgaghanlbehmkmaflipiohdimmc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dcaajljecejllikfgbhjdgeognacjkkp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dgiklkfkllikcanfonkcabmbdfmgleag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
dmbljphlfghcnbohaoffiedmodfmkmol
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ehlmnljdoejdahfjdfobmpfancoibmig
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
eijpepilkjkofamihbmjcnihgpbebafj
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
enkoeamdnimieoooocohgbdajhhkajko
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
fikbjbembnmfhppjfnmfkahdhfohhjmg
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
fjngpfnaikknjdhkckmncgicobbkcnle
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gbihlnbpmfkodghomcinpblknjhneknc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gbmoeijgfngecijpcnbooedokgafmmji
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gcinnojdebelpnodghnoicmcdmamjoch
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gecfnmoodchdkebjjffmdcmeghkflpib
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gekagaaiohabmaknhkbaofhhedhelemf
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ghbmnnjooekpmoecnnnilnnbdlolhkhi
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ghglcnachgghkhbafjogogiggghcpjig
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
hciemgmhplhpinoohcjpafmncmjapioh
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
hloomjjkinpbjldhobfkfdamkmikjmdo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
hmlhageoffiiefnmojcgoagebofoifpl
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
iglcjdemknebjbklcgkfaebgojjphkec
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ihmafllikibpmigkcoadcmckbfhibefp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jbleckejnaboogigodiafflhkajdmpcl
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jdiccldimpdaibmpdkjnbmckianbfold
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jgcbloklkllbkmkbfckchanipicejgah
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jlipacegilfgfpgkefbjcncbfcoeecgj
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jmjflgjpcpepeafmmgdpfkogkghcpiha
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
jpfjdekhebcolnfkpicpciaknbgcdcbm
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
kfihiegbjaloebkmglnjnljoljgkkchm
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
khffkadolmfbdgahbabbhipadklfmhgf
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
kjncpkplfnolibapodobnnjfgmjmiaba
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
kkobcodijbdelbnhbfkkfncbeildnpie
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
kmojgmpmopiiagdfbilgognmlegkonbk
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
mhjfbmdgcfjbbpaeojofohoefgiehjai
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ncbjelpjchkpbikbpkcchkhkblodoama
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
nkbndigcebkoaejohleckhekfmcecfja
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
nkeimhogjdpnpccoofpliimaahmaaome
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
nnpnekncnhiglbokoiffmejlimgmgoam
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ofefcgjbeghpigppfmkologfjadafddi
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ojmnomejplkgljjhjindfoilnmobmihe
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
olkdlefmaniacnmgofabnpmomgcpdaip
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
olmhchkiafniffcaiciiomfdplnmklak
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
pencekojiebcjhifbkfdncgmmooepclc
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
ppnnjfpaneghjbcepgedmlcgmfgkjhah
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.account_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.last_username
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.last_account_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
lastrun
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704
|
WindowTabManagerFileMappingId
|
There are 95 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
641000
|
unkown
|
page readonly
|
|
|
|
641000
|
unkown
|
page readonly
|
|
|
|
6B8000
|
unkown
|
page read and write
|
|
|
|
21920000
|
trusted library allocation
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
34D2000
|
heap
|
page read and write
|
||
|
3592000
|
heap
|
page read and write
|
||
|
348F000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
3609000
|
heap
|
page read and write
|
||
|
1C790000
|
remote allocation
|
page read and write
|
||
|
3741000
|
heap
|
page read and write
|
||
|
3F40000
|
heap
|
page read and write
|
||
|
A48A000
|
heap
|
page read and write
|
||
|
10BDE000
|
stack
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
351F000
|
heap
|
page read and write
|
||
|
3DD25000
|
heap
|
page read and write
|
||
|
35AF000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
248E000
|
stack
|
page read and write
|
||
|
31E4E000
|
heap
|
page read and write
|
||
|
33F3000
|
heap
|
page read and write
|
||
|
2BED3000
|
heap
|
page read and write
|
||
|
213E1000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
3461000
|
heap
|
page read and write
|
||
|
21740000
|
heap
|
page read and write
|
||
|
345C000
|
heap
|
page read and write
|
||
|
3666000
|
heap
|
page read and write
|
||
|
34BD000
|
heap
|
page read and write
|
||
|
35AF000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
17C6D000
|
stack
|
page read and write
|
||
|
6AF000
|
unkown
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
A360000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
49C03000
|
heap
|
page read and write
|
||
|
1C73E000
|
stack
|
page read and write
|
||
|
3467000
|
heap
|
page read and write
|
||
|
3484000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
33AE000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
3468000
|
heap
|
page read and write
|
||
|
3601000
|
heap
|
page read and write
|
||
|
3461000
|
heap
|
page read and write
|
||
|
1A1AD000
|
stack
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
351F000
|
heap
|
page read and write
|
||
|
34D2000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
35A2000
|
heap
|
page read and write
|
||
|
35ED000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
1DE000
|
stack
|
page read and write
|
||
|
351F000
|
heap
|
page read and write
|
||
|
365A000
|
heap
|
page read and write
|
||
|
A483000
|
heap
|
page read and write
|
||
|
34D6000
|
heap
|
page read and write
|
||
|
3467000
|
heap
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
64E000
|
unkown
|
page write copy
|
||
|
1ED20000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
7E5E000
|
unkown
|
page read and write
|
||
|
214E0000
|
direct allocation
|
page execute and read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
351F000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
2172F000
|
direct allocation
|
page readonly
|
||
|
3499000
|
heap
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
35D6000
|
heap
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
212F0000
|
trusted library allocation
|
page read and write
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
345F000
|
heap
|
page read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
1569F000
|
stack
|
page read and write
|
||
|
216ED000
|
direct allocation
|
page execute read
|
||
|
3471000
|
heap
|
page read and write
|
||
|
3538000
|
heap
|
page read and write
|
||
|
356D000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
23C32000
|
heap
|
page read and write
|
||
|
361F000
|
heap
|
page read and write
|
||
|
84DA000
|
heap
|
page read and write
|
||
|
2172D000
|
direct allocation
|
page readonly
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
350D000
|
heap
|
page read and write
|
||
|
3467000
|
heap
|
page read and write
|
||
|
213D0000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
216F8000
|
direct allocation
|
page readonly
|
||
|
3559000
|
heap
|
page read and write
|
||
|
851000
|
unkown
|
page read and write
|
||
|
35C6000
|
heap
|
page read and write
|
||
|
23B6B000
|
heap
|
page read and write
|
||
|
610000
|
unkown
|
page readonly
|
||
|
3337000
|
heap
|
page read and write
|
||
|
3461000
|
heap
|
page read and write
|
||
|
6C53E000
|
unkown
|
page read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
3649000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
674000
|
unkown
|
page read and write
|
||
|
3639000
|
heap
|
page read and write
|
||
|
349D000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
372C000
|
heap
|
page read and write
|
||
|
34A6000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
34D2000
|
heap
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
34B9000
|
heap
|
page read and write
|
||
|
349A000
|
heap
|
page read and write
|
||
|
213E1000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
1ED0F000
|
stack
|
page read and write
|
||
|
348C000
|
heap
|
page read and write
|
||
|
34D5000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
348C000
|
heap
|
page read and write
|
||
|
21826000
|
heap
|
page read and write
|
||
|
3461000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
5A55D000
|
stack
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
34AB000
|
heap
|
page read and write
|
||
|
34D4000
|
heap
|
page read and write
|
||
|
34BD000
|
heap
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
3559000
|
heap
|
page read and write
|
||
|
3497000
|
heap
|
page read and write
|
||
|
35F2000
|
heap
|
page read and write
|
||
|
520AF000
|
stack
|
page read and write
|
||
|
24CF000
|
stack
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
356D000
|
heap
|
page read and write
|
||
|
3683000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
6F860000
|
unkown
|
page readonly
|
||
|
350D000
|
heap
|
page read and write
|
||
|
7EA0000
|
trusted library allocation
|
page read and write
|
||
|
350D000
|
heap
|
page read and write
|
||
|
6C361000
|
unkown
|
page execute read
|
||
|
345E000
|
heap
|
page read and write
|
||
|
34C6000
|
heap
|
page read and write
|
||
|
21960000
|
trusted library allocation
|
page read and write
|
||
|
348E000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
348F000
|
heap
|
page read and write
|
||
|
21896000
|
heap
|
page read and write
|
||
|
346B000
|
heap
|
page read and write
|
||
|
3538000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
6F6000
|
unkown
|
page read and write
|
||
|
3492000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
365F000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
43C92000
|
heap
|
page read and write
|
||
|
346A000
|
heap
|
page read and write
|
||
|
3191000
|
stack
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
17C2C000
|
stack
|
page read and write
|
||
|
3471000
|
heap
|
page read and write
|
||
|
21920000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
34D5000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
3626000
|
heap
|
page read and write
|
||
|
35F5000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
6F8DD000
|
unkown
|
page readonly
|
||
|
1C790000
|
remote allocation
|
page read and write
|
||
|
21920000
|
trusted library allocation
|
page read and write
|
||
|
213E1000
|
heap
|
page read and write
|
||
|
34B9000
|
heap
|
page read and write
|
||
|
341E000
|
heap
|
page read and write
|
||
|
7F40000
|
heap
|
page read and write
|
||
|
34A7000
|
heap
|
page read and write
|
||
|
362B000
|
heap
|
page read and write
|
||
|
3679000
|
heap
|
page read and write
|
||
|
34C6000
|
heap
|
page read and write
|
||
|
213E1000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
23A2B000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
3538000
|
heap
|
page read and write
|
||
|
216EF000
|
direct allocation
|
page readonly
|
||
|
3337000
|
heap
|
page read and write
|
||
|
6C4FF000
|
unkown
|
page readonly
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
3538000
|
heap
|
page read and write
|
||
|
34AB000
|
heap
|
page read and write
|
||
|
43F000
|
stack
|
page read and write
|
||
|
6F861000
|
unkown
|
page execute read
|
||
|
7AA000
|
unkown
|
page read and write
|
||
|
610000
|
unkown
|
page readonly
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
34C6000
|
heap
|
page read and write
|
||
|
35E7000
|
heap
|
page read and write
|
||
|
7F41000
|
heap
|
page read and write
|
||
|
350D000
|
heap
|
page read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
23B89000
|
heap
|
page read and write
|
||
|
348C000
|
heap
|
page read and write
|
||
|
1A1FD000
|
stack
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
863000
|
unkown
|
page readonly
|
||
|
7F4A000
|
heap
|
page read and write
|
||
|
349A000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
1C790000
|
remote allocation
|
page read and write
|
||
|
7F40000
|
heap
|
page read and write
|
||
|
156EB000
|
stack
|
page read and write
|
||
|
3492000
|
heap
|
page read and write
|
||
|
23C30000
|
heap
|
page read and write
|
||
|
3730000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
21820000
|
heap
|
page read and write
|
||
|
346A000
|
heap
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
3672000
|
heap
|
page read and write
|
||
|
611000
|
unkown
|
page execute and write copy
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
218A8000
|
heap
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
37DBA000
|
heap
|
page read and write
|
||
|
A480000
|
heap
|
page read and write
|
||
|
35E3000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
2172A000
|
direct allocation
|
page readonly
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
318D000
|
stack
|
page read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
34C6000
|
heap
|
page read and write
|
||
|
214E8000
|
direct allocation
|
page execute read
|
||
|
3335000
|
heap
|
page read and write
|
||
|
35B6000
|
heap
|
page read and write
|
||
|
212BA000
|
stack
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
3652000
|
heap
|
page read and write
|
||
|
35AB000
|
heap
|
page read and write
|
||
|
35CE000
|
heap
|
page read and write
|
||
|
6C545000
|
unkown
|
page readonly
|
||
|
348D000
|
heap
|
page read and write
|
||
|
1ED7B000
|
stack
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
366E000
|
heap
|
page read and write
|
||
|
1C7CE000
|
stack
|
page read and write
|
||
|
3515000
|
heap
|
page read and write
|
||
|
35DD000
|
heap
|
page read and write
|
||
|
C5C000
|
stack
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
34DA000
|
heap
|
page read and write
|
||
|
34AB000
|
heap
|
page read and write
|
||
|
34A6000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
69D000
|
unkown
|
page read and write
|
||
|
214E1000
|
direct allocation
|
page execute read
|
||
|
A41D000
|
stack
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
213E1000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
34AA000
|
heap
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
212FD000
|
heap
|
page read and write
|
||
|
7F38000
|
heap
|
page read and write
|
||
|
1311E000
|
stack
|
page read and write
|
||
|
362E000
|
heap
|
page read and write
|
||
|
1315E000
|
stack
|
page read and write
|
||
|
21646000
|
direct allocation
|
page execute read
|
||
|
7E9E000
|
unkown
|
page read and write
|
||
|
6F8F2000
|
unkown
|
page readonly
|
||
|
34AB000
|
heap
|
page read and write
|
||
|
34FD000
|
heap
|
page read and write
|
||
|
34A1000
|
heap
|
page read and write
|
||
|
23A24000
|
heap
|
page read and write
|
||
|
A45E000
|
stack
|
page read and write
|
||
|
35BE000
|
heap
|
page read and write
|
||
|
350D000
|
heap
|
page read and write
|
||
|
348C000
|
heap
|
page read and write
|
||
|
34A5000
|
heap
|
page read and write
|
||
|
6C540000
|
unkown
|
page read and write
|
||
|
361A000
|
heap
|
page read and write
|
||
|
34F3000
|
heap
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
3559000
|
heap
|
page read and write
|
||
|
363F000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
24F8000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
6F8EE000
|
unkown
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
351F000
|
heap
|
page read and write
|
||
|
21899000
|
heap
|
page read and write
|
||
|
3632000
|
heap
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
E69F000
|
stack
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
2BECE000
|
stack
|
page read and write
|
||
|
34B9000
|
heap
|
page read and write
|
||
|
7F46000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
7F49000
|
heap
|
page read and write
|
||
|
6C53F000
|
unkown
|
page write copy
|
||
|
340F000
|
heap
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
3598000
|
heap
|
page read and write
|
||
|
6B2000
|
unkown
|
page read and write
|
||
|
64E000
|
unkown
|
page write copy
|
||
|
A3DE000
|
stack
|
page read and write
|
||
|
213E1000
|
heap
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
7E1F000
|
stack
|
page read and write
|
||
|
6C360000
|
unkown
|
page readonly
|
||
|
3337000
|
heap
|
page read and write
|
||
|
356D000
|
heap
|
page read and write
|
||
|
3611000
|
heap
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
34A6000
|
heap
|
page read and write
|
||
|
35FB000
|
heap
|
page read and write
|
||
|
34ED000
|
heap
|
page read and write
|
||
|
611000
|
unkown
|
page execute and write copy
|
||
|
81EC000
|
stack
|
page read and write
|
||
|
3598000
|
heap
|
page read and write
|
||
|
348F000
|
heap
|
page read and write
|
||
|
35A9000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
356D000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
3538000
|
heap
|
page read and write
|
||
|
319D000
|
stack
|
page read and write
|
||
|
366B000
|
heap
|
page read and write
|
||
|
863000
|
unkown
|
page readonly
|
||
|
34B7000
|
heap
|
page read and write
|
||
|
21722000
|
direct allocation
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
3559000
|
heap
|
page read and write
|
||
|
3504000
|
heap
|
page read and write
|
||
|
213E0000
|
heap
|
page read and write
|
||
|
34A2000
|
heap
|
page read and write
|
There are 382 hidden memdumps, click here to show them.