Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

file.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\DocumentsJEBKKEGDBF.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\BAAFCAFCBKFHJJJKKFHI

ASCII text, with very long lines (1717), with CRLF line terminators

dropped

C:\ProgramData\BKEBFHIJECFIDGDGCGHC

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\FCGCGDHJ

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10

dropped

C:\ProgramData\GDGHJEHJJDAAAKEBGCFCAAAAEH

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\GIIEGHID

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\IIEHJEHDBGHIDGDGHCBG

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\JEGDGIIJJECFIDHJJKKFCAECFH

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\freebl3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\mozglue.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\msvcp140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\ProgramData\nss3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\softokn3.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\ProgramData\vcruntime140.dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2305a08f-ae32-439f-bc7e-766ec52986c5.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\445200ff-7ab7-4056-aae6-fcc9b4767ea4.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6a636b6d-b1ac-4f3c-9d6b-0b0bdaf9c1bf.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\e4e6dbef-20fe-443f-b6e5-522f2edac5ac.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67451939-1E34.pma

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1ef023f0-df38-42b7-b95a-37a69fa01dda.tmp

Unicode text, UTF-8 text, with very long lines (16490), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2a80fca4-4602-4986-ac0c-a0e00ce61a20.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\576b0d02-cbaa-4208-8565-ef959626ccf6.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5e533088-b1b2-48af-9888-85e7083ea70b.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7c393d9d-d50e-4b95-830f-bf53eb413cc6.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7c6da5f6-fa79-4e04-a305-9913507f5c3a.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85475d01-582f-40da-bda6-6b0df19bbba8.tmp

Unicode text, UTF-8 text, with very long lines (17433), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\88116f4b-39be-4339-b0f4-862293dee55a.tmp

Unicode text, UTF-8 text, with very long lines (17433), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\967e91f9-ebc1-4137-a70c-0a53427fbb2d.tmp

Unicode text, UTF-8 text, with very long lines (17268), with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

ASCII text, with very long lines (1597), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1f3b6390-9ee7-4f35-abb8-ec52d32e133c.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6cabc58f-f8f4-467a-a030-3e172255fc27.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\799c5d0b-e5bf-413c-95b0-60f9aa24d0db.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\994ce47e-5b82-444d-adf5-75cc29e21265.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF4ca03.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3bae5.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3ce7c.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bff45595-cbc9-4a30-ab8c-460fac740265.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fcc3eef2-2035-4a0e-af19-324f2955877b.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3fa01.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4294e.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF460c9.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b6d9.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3f59c.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF43b50.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF444a6.TMP (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377055292047558

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1ac2a566-5474-4fbe-a390-5a32bdfe3640.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\52a9cc4a-0417-401d-8f13-bcfcd76e9eee.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\72bcf044-09c0-4a24-8de2-c92a7e6aa874.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3ce8c.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\bfc34b28-d461-4112-b879-fe5bb5581ffb.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a6c4843c-69ae-4f1c-aa90-a1fc4dcf0b15.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

ASCII text, with very long lines (3951), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f8135fb2-1b39-4286-98dd-493e1a7c0b17.tmp

ASCII text, with very long lines (1597), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

SQLite Write-Ahead Log, version 3007000

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a3d2.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a401.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a634.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3cc88.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF417f9.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b6aa.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5141c.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

raw G3 (Group 3) FAX, byte-padded

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a44cab7d-2f38-40a2-b8b7-b61a988e0db9.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c7147c8c-882a-404b-973c-3c0830e0c56f.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ca355e99-422a-492a-b697-8c5db69fdf5b.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\dc2665ed-7edb-45ac-bd96-9937f012239f.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f99a479d-61d2-4d87-9b0c-d102b96d7701.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

PE32 executable (DLL) (console) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\06bfb930-b185-4e57-9ddd-3a919d69a66f.tmp

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3

dropped

C:\Users\user\AppData\Local\Temp\1009152001\aa08c11115.exe

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\2d990d95-7229-4d62-b941-615cc17937b6.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\4e525942-4b40-42ea-86d2-21e64ff569c0.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\563d26d9-ce5c-45c1-b136-7c303b89d603.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924

dropped

C:\Users\user\AppData\Local\Temp\75376b6a-adbd-40f5-93d5-c3470be47ea3.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\7b844508-3b93-4358-9586-c921708b863f.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\9efde6c1-7570-4bb3-9566-ade64a07ce4b.tmp

JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3

dropped

C:\Users\user\AppData\Local\Temp\cv_debug.log

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_1061089770\4e525942-4b40-42ea-86d2-21e64ff569c0.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_1061089770\CRX_INSTALL\_metadata\verified_contents.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_1061089770\CRX_INSTALL\content.js

Unicode text, UTF-8 text, with very long lines (8031), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_1061089770\CRX_INSTALL\content_new.js

Unicode text, UTF-8 text, with very long lines (8604), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_1061089770\CRX_INSTALL\manifest.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\2d990d95-7229-4d62-b941-615cc17937b6.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\af\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\am\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ar\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\az\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\be\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\bg\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\bn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ca\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\cs\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\cy\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\da\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\de\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\el\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\en\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\en_CA\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\en_GB\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\en_US\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\es\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\es_419\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\et\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\eu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\fa\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\fi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\fil\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\fr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\fr_CA\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\gl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\gu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\hi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\hr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\hu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\hy\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\id\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\is\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\it\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\iw\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ja\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ka\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\kk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\km\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\kn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ko\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\lo\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\lt\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\lv\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ml\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\mn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\mr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ms\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\my\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ne\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\nl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\no\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\pa\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\pl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\pt_BR\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\pt_PT\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ro\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ru\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\si\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\sk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\sl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\sr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\sv\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\sw\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ta\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\te\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\th\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\tr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\uk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\ur\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\vi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\zh_CN\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\zh_HK\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\zh_TW\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_locales\zu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\_metadata\verified_contents.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\dasherSettingSchema.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\manifest.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\offscreendocument.html

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\offscreendocument_main.js

ASCII text, with very long lines (3777)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\page_embed_script.js

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir7732_2127480048\CRX_INSTALL\service_worker_bin_prod.js

ASCII text, with very long lines (3782)

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

data

dropped

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

data

dropped

C:\Windows\Tasks\skotes.job

data

dropped

Chrome Cache Entry: 385

ASCII text, with very long lines (755)

downloaded

Chrome Cache Entry: 386

ASCII text, with very long lines (2586)

downloaded

Chrome Cache Entry: 387

ASCII text

downloaded

Chrome Cache Entry: 388

ASCII text, with very long lines (65531)

downloaded

Chrome Cache Entry: 389

ASCII text, with very long lines (5162), with no line terminators

downloaded

Chrome Cache Entry: 390

SVG Scalable Vector Graphics image

downloaded

There are 280 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2180,i,6193051421280990808,11917923522611111916,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2456,i,17039394704386658941,8402415813546333380,262144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2016,i,17214769744475622277,13098018921734231120,262144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6092 --field-trial-handle=2016,i,17214769744475622277,13098018921734231120,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7012 --field-trial-handle=2016,i,17214769744475622277,13098018921734231120,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5368 --field-trial-handle=2016,i,17214769744475622277,13098018921734231120,262144 /prefetch:8

C:\Users\user\DocumentsJEBKKEGDBF.exe

"C:\Users\user\DocumentsJEBKKEGDBF.exe"

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=5400 --field-trial-handle=2016,i,17214769744475622277,13098018921734231120,262144 /prefetch:8

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJEBKKEGDBF.exe"

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

There are 8 hidden processes, click here to show them.

URLs

Name

Malicious

http://185.215.113.206/68b591d6548ec281/softokn3.dll

185.215.113.206

https://duckduckgo.com/chrome_newtab

unknown

http://185.215.113.206/c4becf79229cb002.php~U

unknown

http://185.215.113.2060

unknown

https://duckduckgo.com/ac/?q=

unknown

http://185.215.113.206/

185.215.113.206

https://c.msn.com/c.gif?rnd=1732581705995&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=e28f39e28eb142bdaa5545b112f458fa&activityId=e28f39e28eb142bdaa5545b112f458fa&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=2A6B96A97C4E4072A602F53B40E2433F&MUID=3553E294F9366CAE0604F7D7F89E6D7D

20.110.205.119

http://www.broofa.com

unknown

http://31.41.244.11/files/random.exeer

unknown

https://tse1.mm.bing.net/th?id=OADD2.10239351692182_1I6V30R2J66NF61KL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

150.171.27.10

https://ntp.msn.com/0

unknown

https://ntp.msn.com/_default

unknown

http://185.215.113.16/mine/random.exe9b

unknown

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732581712790&w=0&anoncknm=app_anon&NoResponseBody=true

52.168.117.168

https://deff.nelreports.net/api/report?cat=msn

23.57.90.78

http://31.41.244.11/files/random.exe8

unknown

https://deff.nelreports.net/api/report

unknown

http://31.41.244.11/files/random.exe3

unknown

https://tse1.mm.bing.net/th?id=OADD2.10239400772016_15QVOA8CAZLQ6LFE4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

150.171.27.10

https://docs.google.com/

unknown

http://31.41.244.11/files/random.exe0623847g

unknown

http://31.41.244.11/

unknown

http://31.41.244.11/files/random.exeem32

unknown

http://185.215.113.43/Zu7JuNko/index.php

185.215.113.43

http://185.215.113.206/68b591d6548ec281/mozglue.dll-

unknown

https://deff.nelreports.net/api/report?cat=msnw

unknown

http://31.41.244.11/files/random.exe5062384ed?pE

unknown

http://185.215.113.206/68b591d6548ec281/freebl3.dll

185.215.113.206

https://drive.google.com/

unknown

https://tse1.mm.bing.net/th?id=OADD2.10239400770824_1KWY1ODV8FNLB48KP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

150.171.27.10

http://185.215.113.206/68b591d6548ec281/nss3.dll

185.215.113.206

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

142.250.181.100

https://unitedstates4.ss.wd.microsoft.us/

unknown

http://www.mozilla.com/en-US/blocklist/

unknown

https://mozilla.org0/

unknown

https://drive-daily-2.corp.google.com/

unknown

https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi

unknown

https://drive-daily-4.corp.google.com/

unknown

https://unitedstates1.ss.wd.microsoft.us/

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://assets.msn.com

unknown

https://www.ecosia.org/newtab/

unknown

https://drive-daily-1.corp.google.com/

unknown

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br

unknown

http://185.215.113.206/68b591d6548ec281/freebl3.dllu

unknown

http://185.215.113.206ngineer

unknown

https://drive-daily-5.corp.google.com/

unknown

http://31.41.244.11/files/random.exeJSE;.

unknown

52.168.117.168

http://31.41.244.11//Zu7JuNko/index.php

unknown

https://tse1.mm.bing.net/th?id=OADD2.10239389015249_1YG5WL97CZWWEQABD&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

150.171.27.10

http://185.215.113.206/c4becf79229cb002.php9

unknown

https://play.google.com/log?format=json&hasfast=true

unknown

https://bzib.nelreports.net/api/report?cat=bingbusiness

23.57.90.78

http://31.41.244.11/215.113.43/Zu7JuNko/index.php

unknown

https://www.google.com/chrome

unknown

https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt

unknown

https://chromewebstore.google.com/

unknown

https://drive-preprod.corp.google.com/

unknown

https://msn.comXIDv10

unknown

http://31.41.244.11/files/random.exe

unknown

https://chrome.google.com/webstore/

unknown

https://unitedstates2.ss.wd.microsoft.us/

unknown

https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta

unknown

http://185.215.113.206/68b591d6548ec281/vcruntime140.dll

185.215.113.206

https://sb.scorecardresearch.com/b2?rn=1732581705996&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3553E294F9366CAE0604F7D7F89E6D7D&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null

13.226.94.67

52.168.117.168

https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx

172.217.19.225

http://185.215.113.16/mine/random.exe

185.215.113.16

https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://185.215.113.206/68b591d6548ec281/sqlite3.dll

185.215.113.206

https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg

unknown

https://ntp.msn.com

unknown

52.168.117.168

https://drive-staging.corp.google.com/

unknown

http://185.215.113.206/68b591d6548ec281/nss3.dllSagl

unknown

https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search

unknown

http://185.215.113.206/68b591d6548ec281/mozglue.dll

185.215.113.206

https://apis.google.com

unknown

https://ntp.msn.com/

unknown

http://185.215.113.206/c4becf79229cb002.phpKEGDBF.exeata;

unknown

http://www.sqlite.org/copyright.html.

unknown

https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start

unknown

https://ntp.msn.com/ntp.msn.com_default

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.

unknown

http://185.215.113.206/68b591d6548ec281/msvcp140.dll

185.215.113.206

https://drive-autopush.corp.google.com/

unknown

https://sb.scorecardresearch.com/b?rn=1732581705996&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3553E294F9366CAE0604F7D7F89E6D7D&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null

13.226.94.67

http://185.215.113.206/c4becf79229cb002.php

185.215.113.206

https://www.google.com/async/newtab_promos

142.250.181.100

https://ntp.msn.comService-Worker-Allowed:

unknown

https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

unknown

http://31.41.244.11/files/random.exephp-p3

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://www.google.com/async/ddljson?async=ntp:2

142.250.181.100

http://31.41.244.11/files/random.exe1009152001

unknown

52.168.117.168

https://tse1.mm.bing.net/th?id=OADD2.10239351692183_1GSWAYG616F8PFDNZ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

150.171.27.10

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

chrome.cloudflare-dns.com

162.159.61.3

bg.microsoft.map.fastly.net

199.232.214.172

plus.l.google.com

172.217.17.78

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

94.245.104.56

sb.scorecardresearch.com

18.165.220.57

www.google.com

142.250.181.100

s-part-0035.t-0009.t-msedge.net

13.107.246.63

googlehosted.l.googleusercontent.com

172.217.19.225

clients2.googleusercontent.com

unknown

bzib.nelreports.net

unknown

assets.msn.com

unknown

c.msn.com

unknown

deff.nelreports.net

unknown

ntp.msn.com

unknown

apis.google.com

unknown

api.msn.com

unknown

There are 6 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

185.215.113.43

unknown

Portugal

192.168.2.6

unknown

185.215.113.16

unknown

Portugal

185.215.113.206

unknown

Portugal

13.107.246.40

unknown

United States

23.57.90.133

unknown

United States

172.217.19.225

googlehosted.l.googleusercontent.com

United States

162.159.61.3

chrome.cloudflare-dns.com

United States

20.110.205.119

unknown

United States

172.217.17.78

plus.l.google.com

United States

18.165.220.57

sb.scorecardresearch.com

United States

239.255.255.250

unknown

Reserved

104.117.182.56

unknown

United States

23.57.90.70

unknown

United States

20.75.60.91

unknown

United States

52.168.117.168

unknown

United States

127.0.0.1

unknown

23.57.90.78

unknown

United States

13.107.246.63

s-part-0035.t-0009.t-msedge.net

United States

23.57.90.156

unknown

United States

13.226.94.67

unknown

United States

204.79.197.219

unknown

United States

172.64.41.3

unknown

United States

31.41.244.11

unknown

Russian Federation

23.209.72.8

unknown

United States

94.245.104.56

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

United Kingdom

142.250.181.100

www.google.com

United States

23.44.201.13

unknown

United States

There are 18 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB

Left

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB

Top

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

freseenversion

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

freseen

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults

is_dse_recommended

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults

is_startup_page_recommended

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds

EdgeMUID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default

MUID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahokoikenoafgppiblgpenaaaolecifn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bhmhibnbialendcafinliemndanacfaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bobbggphonhgdonfdibkfipfepfcildj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ceaifoolopnigfpidlheoagpheiplgii

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

cjneempfhkonkkbcmnfdibgobmhbagaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dabfebgaghanlbehmkmaflipiohdimmc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dcaajljecejllikfgbhjdgeognacjkkp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dmbljphlfghcnbohaoffiedmodfmkmol

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ehlmnljdoejdahfjdfobmpfancoibmig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

eijpepilkjkofamihbmjcnihgpbebafj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

enkoeamdnimieoooocohgbdajhhkajko

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fjngpfnaikknjdhkckmncgicobbkcnle

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbihlnbpmfkodghomcinpblknjhneknc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbmoeijgfngecijpcnbooedokgafmmji

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gcinnojdebelpnodghnoicmcdmamjoch

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gecfnmoodchdkebjjffmdcmeghkflpib

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gekagaaiohabmaknhkbaofhhedhelemf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghglcnachgghkhbafjogogiggghcpjig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hciemgmhplhpinoohcjpafmncmjapioh

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hloomjjkinpbjldhobfkfdamkmikjmdo

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hmlhageoffiiefnmojcgoagebofoifpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jbleckejnaboogigodiafflhkajdmpcl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jgcbloklkllbkmkbfckchanipicejgah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jlipacegilfgfpgkefbjcncbfcoeecgj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jpfjdekhebcolnfkpicpciaknbgcdcbm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kfihiegbjaloebkmglnjnljoljgkkchm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

khffkadolmfbdgahbabbhipadklfmhgf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kjncpkplfnolibapodobnnjfgmjmiaba

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kkobcodijbdelbnhbfkkfncbeildnpie

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kmojgmpmopiiagdfbilgognmlegkonbk

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkbndigcebkoaejohleckhekfmcecfja

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nnpnekncnhiglbokoiffmejlimgmgoam

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ofefcgjbeghpigppfmkologfjadafddi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ojmnomejplkgljjhjindfoilnmobmihe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olkdlefmaniacnmgofabnpmomgcpdaip

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olmhchkiafniffcaiciiomfdplnmklak

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

pencekojiebcjhifbkfdncgmmooepclc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ppnnjfpaneghjbcepgedmlcgmfgkjhah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahokoikenoafgppiblgpenaaaolecifn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bhmhibnbialendcafinliemndanacfaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bobbggphonhgdonfdibkfipfepfcildj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ceaifoolopnigfpidlheoagpheiplgii

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

cjneempfhkonkkbcmnfdibgobmhbagaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dabfebgaghanlbehmkmaflipiohdimmc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dcaajljecejllikfgbhjdgeognacjkkp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dmbljphlfghcnbohaoffiedmodfmkmol

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ehlmnljdoejdahfjdfobmpfancoibmig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

eijpepilkjkofamihbmjcnihgpbebafj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

enkoeamdnimieoooocohgbdajhhkajko

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fjngpfnaikknjdhkckmncgicobbkcnle

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbihlnbpmfkodghomcinpblknjhneknc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbmoeijgfngecijpcnbooedokgafmmji

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gcinnojdebelpnodghnoicmcdmamjoch

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gecfnmoodchdkebjjffmdcmeghkflpib

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gekagaaiohabmaknhkbaofhhedhelemf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghglcnachgghkhbafjogogiggghcpjig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hciemgmhplhpinoohcjpafmncmjapioh

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hloomjjkinpbjldhobfkfdamkmikjmdo

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hmlhageoffiiefnmojcgoagebofoifpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jbleckejnaboogigodiafflhkajdmpcl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jgcbloklkllbkmkbfckchanipicejgah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jlipacegilfgfpgkefbjcncbfcoeecgj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jmjflgjpcpepeafmmgdpfkogkghcpiha

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jpfjdekhebcolnfkpicpciaknbgcdcbm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kfihiegbjaloebkmglnjnljoljgkkchm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

khffkadolmfbdgahbabbhipadklfmhgf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kjncpkplfnolibapodobnnjfgmjmiaba

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kkobcodijbdelbnhbfkkfncbeildnpie

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kmojgmpmopiiagdfbilgognmlegkonbk

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkbndigcebkoaejohleckhekfmcecfja

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nnpnekncnhiglbokoiffmejlimgmgoam

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ofefcgjbeghpigppfmkologfjadafddi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ojmnomejplkgljjhjindfoilnmobmihe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olkdlefmaniacnmgofabnpmomgcpdaip

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olmhchkiafniffcaiciiomfdplnmklak

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

pencekojiebcjhifbkfdncgmmooepclc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ppnnjfpaneghjbcepgedmlcgmfgkjhah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

media.cdm.origin_data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.account_id

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.last_username

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.last_account_id

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

lastrun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property

0018000DDABBE6B3

HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}

DeviceTicket

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197704

WindowTabManagerFileMappingId

There are 145 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

48F0000

direct allocation

page read and write

4FE0000

direct allocation

page read and write

4BB0000

direct allocation

page read and write

261000

unkown

page execute and read and write

4B00000

direct allocation

page read and write

E1000

unkown

page execute and read and write

FD1000

unkown

page execute and read and write

261000

unkown

page execute and read and write

4EF0000

direct allocation

page read and write

84E000

heap

page read and write

261000

unkown

page execute and read and write

538000

unkown

page execute and read and write

4C11000

direct allocation

page read and write

2A15B000

stack

page read and write

9A0000

heap

page read and write

2C9000

unkown

page write copy

329F000

stack

page read and write

365E000

stack

page read and write

D58000

heap

page read and write

4731000

heap

page read and write

43AE000

stack

page read and write

4740000

heap

page read and write

ED0000

direct allocation

page read and write

1D13D000

heap

page read and write

4680000

heap

page read and write

A34000

heap

page read and write

F3B000

stack

page read and write

4731000

heap

page read and write

41BE000

stack

page read and write

4731000

heap

page read and write

3A1F000

stack

page read and write

3A9D000

stack

page read and write

61ECC000

direct allocation

page read and write

4731000

heap

page read and write

4731000

heap

page read and write

4D10000

direct allocation

page execute and read and write

4681000

heap

page read and write

4731000

heap

page read and write

4731000

heap

page read and write

2C9000

unkown

page write copy

1D145000

heap

page read and write

5F9E000

stack

page read and write

4AC0000

direct allocation

page execute and read and write

261000

unkown

page execute and write copy

382F000

stack

page read and write

9C4000

heap

page read and write

4B10000

direct allocation

page execute and read and write

3EAE000

stack

page read and write

12B0000

direct allocation

page read and write

820000

direct allocation

page read and write

4461000

heap

page read and write

A34000

heap

page read and write

232E0000

trusted library allocation

page read and write

4731000

heap

page read and write

431F000

stack

page read and write

A34000

heap

page read and write

3F0000

unkown

page execute and read and write

5110000

direct allocation

page execute and read and write

A34000

heap

page read and write

1D142000

heap

page read and write

9F0000

direct allocation

page read and write

674000

heap

page read and write

5100000

direct allocation

page execute and read and write

2362C000

heap

page read and write

4F8000

stack

page read and write

4731000

heap

page read and write

6367000

heap

page read and write

327F000

stack

page read and write

121A000

unkown

page write copy

A34000

heap

page read and write

405F000

stack

page read and write

9C4000

heap

page read and write

A34000

heap

page read and write

110E000

stack

page read and write

9C4000

heap

page read and write

3C2E000

stack

page read and write

E0000

unkown

page readonly

1CE2B000

stack

page read and write

674000

heap

page read and write

674000

heap

page read and write

2840000

direct allocation

page read and write

28FF000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

12C0000

heap

page read and write

1D160000

heap

page read and write

3CBE000

stack

page read and write

232E0000

trusted library allocation

page read and write

1D145000

heap

page read and write

1284000

heap

page read and write

9C4000

heap

page read and write

D1B000

heap

page read and write

41DF000

stack

page read and write

389F000

stack

page read and write

1250000

direct allocation

page read and write

9F0000

direct allocation

page read and write

4461000

heap

page read and write

6351000

heap

page read and write

1D13D000

heap

page read and write

4EF0000

direct allocation

page read and write

4A61000

heap

page read and write

C90000

heap

page read and write

50D0000

direct allocation

page execute and read and write

450000

unkown

page execute and read and write

A34000

heap

page read and write

4CB4000

heap

page read and write

9C4000

heap

page read and write

EFB000

heap

page read and write

4461000

heap

page read and write

A34000

heap

page read and write

5041000

direct allocation

page read and write

34AE000

stack

page read and write

435E000

stack

page read and write

4731000

heap

page read and write

4461000

heap

page read and write

4D70000

direct allocation

page execute and read and write

4731000

heap

page read and write

51AE000

stack

page read and write

F1E000

stack

page read and write

2BEE000

stack

page read and write

4830000

trusted library allocation

page read and write

90C000

stack

page read and write

3DDE000

stack

page read and write

1CA5F000

stack

page read and write

5170000

direct allocation

page execute and read and write

674000

heap

page read and write

80E000

stack

page read and write

4461000

heap

page read and write

1D121000

heap

page read and write

9C4000

heap

page read and write

233C6000

heap

page read and write

305F000

stack

page read and write

10A0000

unkown

page execute and read and write

A34000

heap

page read and write

4731000

heap

page read and write

419F000

stack

page read and write

4461000

heap

page read and write

379F000

stack

page read and write

4AC0000

trusted library allocation

page read and write

1284000

heap

page read and write

A34000

heap

page read and write

674000

heap

page read and write

1D145000

heap

page read and write

820000

direct allocation

page read and write

42DE000

stack

page read and write

12B0000

direct allocation

page read and write

8A1000

heap

page read and write

4731000

heap

page read and write

1D152000

heap

page read and write

57F000

unkown

page execute and write copy

4690000

heap

page read and write

9C4000

heap

page read and write

4731000

heap

page read and write

4D10000

direct allocation

page execute and read and write

1D160000

heap

page read and write

A34000

heap

page read and write

303E000

stack

page read and write

9C4000

heap

page read and write

4731000

heap

page read and write

2840000

direct allocation

page read and write

419D000

stack

page read and write

726000

unkown

page execute and read and write

4731000

heap

page read and write

4A70000

direct allocation

page execute and read and write

1250000

direct allocation

page read and write

2CDE000

stack

page read and write

2A25C000

stack

page read and write

3AEE000

stack

page read and write

57E000

unkown

page execute and read and write

1D13F000

heap

page read and write

57E000

unkown

page execute and write copy

5160000

direct allocation

page execute and read and write

2361E000

heap

page read and write

820000

direct allocation

page read and write

A34000

heap

page read and write

3DDF000

stack

page read and write

9C4000

heap

page read and write

9C4000

heap

page read and write

A34000

heap

page read and write

674000

heap

page read and write

2E8E000

stack

page read and write

A34000

heap

page read and write

674000

heap

page read and write

1D11F000

heap

page read and write

2CD7000

heap

page read and write

5F5F000

stack

page read and write

F7E000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

391F000

stack

page read and write

C3F000

stack

page read and write

4681000

heap

page read and write

12B0000

direct allocation

page read and write

2840000

direct allocation

page read and write

372E000

stack

page read and write

2E2F000

stack

page read and write

9C4000

heap

page read and write

23300000

heap

page read and write

674000

heap

page read and write

9F0000

direct allocation

page read and write

2F1E000

stack

page read and write

232DD000

stack

page read and write

38BF000

stack

page read and write

1D12D000

heap

page read and write

A34000

heap

page read and write

4D50000

direct allocation

page execute and read and write

A34000

heap

page read and write

3BEF000

stack

page read and write

1D160000

heap

page read and write

4A40000

direct allocation

page execute and read and write

570000

unkown

page execute and read and write

A34000

heap

page read and write

23383000

heap

page read and write

375F000

stack

page read and write

455F000

stack

page read and write

893000

heap

page read and write

556E000

stack

page read and write

2CA0000

heap

page read and write

4A1F000

stack

page read and write

674000

heap

page read and write

1D160000

heap

page read and write

2C9000

unkown

page write copy

2CB000

unkown

page execute and read and write

9C4000

heap

page read and write

377F000

stack

page read and write

4731000

heap

page read and write

674000

heap

page read and write

C00000

heap

page read and write

4731000

heap

page read and write

1D13E000

heap

page read and write

4681000

heap

page read and write

23363000

heap

page read and write

4681000

heap

page read and write

2CD0000

heap

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

1D160000

heap

page read and write

A35000

heap

page read and write

C9C000

heap

page read and write

51B0000

direct allocation

page execute and read and write

A34000

heap

page read and write

A34000

heap

page read and write

1330000

heap

page read and write

2960000

heap

page read and write

A34000

heap

page read and write

D2C000

stack

page read and write

ECF000

stack

page read and write

5F0000

heap

page read and write

65D000

stack

page read and write

840000

heap

page read and write

4731000

heap

page read and write

6C950000

unkown

page readonly

3F5E000

stack

page read and write

42FE000

stack

page read and write

35EE000

stack

page read and write

2E1E000

stack

page read and write

2DBE000

stack

page read and write

2C2000

unkown

page execute and read and write

6CBD0000

unkown

page read and write

C89000

heap

page read and write

367E000

stack

page read and write

A34000

heap

page read and write

4461000

heap

page read and write

1D160000

heap

page read and write

9E0000

heap

page read and write

319E000

stack

page read and write

A34000

heap

page read and write

C2A000

heap

page read and write

A34000

heap

page read and write

61EB7000

direct allocation

page readonly

5070000

direct allocation

page execute and read and write

48F0000

direct allocation

page read and write

9C4000

heap

page read and write

FB0000

heap

page read and write

233E0000

trusted library allocation

page read and write

9C4000

heap

page read and write

4731000

heap

page read and write

1D145000

heap

page read and write

A34000

heap

page read and write

23398000

heap

page read and write

23321000

heap

page read and write

2D7F000

stack

page read and write

4CB0000

heap

page read and write

46E4000

heap

page read and write

6CBCE000

unkown

page read and write

A34000

heap

page read and write

609F000

stack

page read and write

906000

heap

page read and write

4681000

heap

page read and write

9C4000

heap

page read and write

C9F000

heap

page read and write

4731000

heap

page read and write

1250000

direct allocation

page read and write

492E000

stack

page read and write

86B000

stack

page read and write

13AA000

unkown

page execute and read and write

4461000

heap

page read and write

50C0000

direct allocation

page execute and read and write

1CF6D000

stack

page read and write

2CC0000

heap

page read and write

5A6000

unkown

page execute and read and write

A34000

heap

page read and write

4C40000

heap

page read and write

4681000

heap

page read and write

9C4000

heap

page read and write

A34000

heap

page read and write

1270000

direct allocation

page read and write

4A70000

direct allocation

page execute and read and write

9F0000

direct allocation

page read and write

57E000

unkown

page execute and read and write

1D12B000

heap

page read and write

4B61000

heap

page read and write

674000

heap

page read and write

3CDE000

stack

page read and write

2B7F000

stack

page read and write

674000

heap

page read and write

DCE000

stack

page read and write

FD0000

unkown

page read and write

27FE000

stack

page read and write

6368000

heap

page read and write

30EE000

stack

page read and write

4470000

heap

page read and write

1D145000

heap

page read and write

52EE000

stack

page read and write

2840000

direct allocation

page read and write

674000

heap

page read and write

465F000

stack

page read and write

909000

heap

page read and write

C73000

heap

page read and write

260000

unkown

page readonly

2840000

direct allocation

page read and write

4681000

heap

page read and write

A34000

heap

page read and write

2361B000

heap

page read and write

1280000

heap

page read and write

61E01000

direct allocation

page execute read

A34000

heap

page read and write

2857000

heap

page read and write

33DF000

stack

page read and write

4D60000

direct allocation

page execute and read and write

3BDE000

stack

page read and write

9C4000

heap

page read and write

23626000

heap

page read and write

4A70000

direct allocation

page execute and read and write

4461000

heap

page read and write

970000

heap

page read and write

4731000

heap

page read and write

9F0000

direct allocation

page read and write

125E000

stack

page read and write

1D145000

heap

page read and write

2C9000

unkown

page write copy

317E000

stack

page read and write

3FEE000

stack

page read and write

A34000

heap

page read and write

353E000

stack

page read and write

A34000

heap

page read and write

231DE000

stack

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

9C0000

heap

page read and write

1D152000

heap

page read and write

60DE000

stack

page read and write

4731000

heap

page read and write

2EBF000

stack

page read and write

674000

heap

page read and write

4461000

heap

page read and write

1250000

direct allocation

page read and write

23346000

heap

page read and write

4731000

heap

page read and write

1D139000

heap

page read and write

D79000

heap

page read and write

5E5E000

stack

page read and write

2C9F000

stack

page read and write

401F000

stack

page read and write

1D148000

heap

page read and write

3B8000

unkown

page execute and read and write

4A61000

heap

page read and write

A34000

heap

page read and write

9C4000

heap

page read and write

4681000

heap

page read and write

3F5F000

stack

page read and write

3A1E000

stack

page read and write

3FF000

unkown

page execute and write copy

A34000

heap

page read and write

9C4000

heap

page read and write

1D145000

heap

page read and write

315F000

stack

page read and write

1D142000

heap

page read and write

5070000

direct allocation

page execute and read and write

2840000

direct allocation

page read and write

4C70000

direct allocation

page execute and read and write

A34000

heap

page read and write

39AE000

stack

page read and write

3FE000

unkown

page execute and write copy

EFE000

heap

page read and write

674000

heap

page read and write

121C000

unkown

page execute and read and write

674000

heap

page read and write

3E7000

unkown

page execute and read and write

566C000

stack

page read and write

1D137000

heap

page read and write

2F1F000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

1250000

direct allocation

page read and write

A34000

heap

page read and write

361F000

stack

page read and write

2940000

direct allocation

page read and write

BD0000

heap

page read and write

1250000

direct allocation

page read and write

40DE000

stack

page read and write

A34000

heap

page read and write

409F000

stack

page read and write

A34000

heap

page read and write

9C4000

heap

page read and write

2C9000

unkown

page write copy

674000

heap

page read and write

43DF000

stack

page read and write

674000

heap

page read and write

4681000

heap

page read and write

1D110000

heap

page read and write

395E000

stack

page read and write

CFD000

stack

page read and write

12B0000

direct allocation

page read and write

4731000

heap

page read and write

403F000

stack

page read and write

C6F000

heap

page read and write

4C80000

direct allocation

page execute and read and write

2BAF000

stack

page read and write

12AE000

stack

page read and write

37DE000

stack

page read and write

61EB4000

direct allocation

page read and write

A34000

heap

page read and write

1250000

direct allocation

page read and write

A34000

heap

page read and write

674000

heap

page read and write

5080000

direct allocation

page execute and read and write

2D2E000

stack

page read and write

1D141000

heap

page read and write

4681000

heap

page read and write

2E6E000

stack

page read and write

6C9CD000

unkown

page readonly

C86000

heap

page read and write

674000

heap

page read and write

4B3B000

stack

page read and write

C9D000

heap

page read and write

C86000

heap

page read and write

4D20000

direct allocation

page execute and read and write

913000

heap

page read and write

355E000

stack

page read and write

C2F000

heap

page read and write

1CE6D000

stack

page read and write

2C5F000

stack

page read and write

4461000

heap

page read and write

538000

unkown

page execute and read and write

43FF000

stack

page read and write

4461000

heap

page read and write

10C0000

heap

page read and write

674000

heap

page read and write

149000

unkown

page write copy

4731000

heap

page read and write

674000

heap

page read and write

61ECD000

direct allocation

page readonly

4681000

heap

page read and write

4AA0000

direct allocation

page execute and read and write

4731000

heap

page read and write

2840000

direct allocation

page read and write

38FE000

stack

page read and write

4731000

heap

page read and write

23357000

heap

page read and write

A34000

heap

page read and write

9C4000

heap

page read and write

4731000

heap

page read and write

1284000

heap

page read and write

1D145000

heap

page read and write

495E000

stack

page read and write

309F000

stack

page read and write

36EF000

stack

page read and write

FC0000

direct allocation

page execute and read and write

820000

direct allocation

page read and write

34DF000

stack

page read and write

4681000

heap

page read and write

570000

unkown

page execute and read and write

9C4000

heap

page read and write

9C4000

heap

page read and write

4731000

heap

page read and write

1D145000

heap

page read and write

4B60000

trusted library allocation

page read and write

9C4000

heap

page read and write

436F000

stack

page read and write

4731000

heap

page read and write

9C4000

heap

page read and write

1D159000

heap

page read and write

1D160000

heap

page read and write

462E000

stack

page read and write

35AF000

stack

page read and write

3D9F000

stack

page read and write

2967000

heap

page read and write

23342000

heap

page read and write

9F0000

direct allocation

page read and write

50F0000

direct allocation

page execute and read and write

345E000

stack

page read and write

48F0000

direct allocation

page read and write

3DBF000

stack

page read and write

E1000

unkown

page execute and write copy

2840000

direct allocation

page read and write

1D145000

heap

page read and write

260000

unkown

page readonly

260000

unkown

page read and write

2CB000

unkown

page execute and read and write

A34000

heap

page read and write

10FD000

stack

page read and write

451F000

stack

page read and write

CB1000

heap

page read and write

674000

heap

page read and write

4D10000

direct allocation

page execute and read and write

552E000

stack

page read and write

4CEF000

stack

page read and write

6C9F1000

unkown

page execute read

6C951000

unkown

page execute read

728000

unkown

page execute and write copy

5090000

direct allocation

page execute and read and write

50B0000

direct allocation

page execute and read and write

C73000

heap

page read and write

3F1F000

stack

page read and write

2B9E000

stack

page read and write

1D12B000

heap

page read and write

261000

unkown

page execute and write copy

9C4000

heap

page read and write

3B1F000

stack

page read and write

4731000

heap

page read and write

4F3000

stack

page read and write

445E000

stack

page read and write

A34000

heap

page read and write

510000

heap

page read and write

2E0E000

stack

page read and write

5070000

direct allocation

page execute and read and write

A34000

heap

page read and write

93C000

heap

page read and write

FBE000

stack

page read and write

4A61000

heap

page read and write

162F000

stack

page read and write

426E000

stack

page read and write

D3F000

heap

page read and write

674000

heap

page read and write

1D158000

heap

page read and write

D4A000

heap

page read and write

624B000

stack

page read and write

9F0000

direct allocation

page read and write

1284000

heap

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

1284000

heap

page read and write

40EF000

stack

page read and write

EF7000

heap

page read and write

32DF000

stack

page read and write

32DE000

stack

page read and write

37DF000

stack

page read and write

9C4000

heap

page read and write

1250000

direct allocation

page read and write

D90000

heap

page read and write

5150000

direct allocation

page execute and read and write

4681000

heap

page read and write

9C4000

heap

page read and write

1D152000

heap

page read and write

1D15D000

heap

page read and write

C86000

heap

page read and write

ED0000

direct allocation

page read and write

A34000

heap

page read and write

14B000

unkown

page execute and read and write

409E000

stack

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

1D151000

heap

page read and write

51D0000

direct allocation

page execute and read and write

4681000

heap

page read and write

D8B000

heap

page read and write

415F000

stack

page read and write

A34000

heap

page read and write

1284000

heap

page read and write

3A5E000

stack

page read and write

42DF000

stack

page read and write

233A3000

heap

page read and write

674000

heap

page read and write

4C95000

heap

page read and write

3D6E000

stack

page read and write

4731000

heap

page read and write

C87000

heap

page read and write

A34000

heap

page read and write

5120000

direct allocation

page execute and read and write

A34000

heap

page read and write

4731000

heap

page read and write

2C7F000

stack

page read and write

A34000

heap

page read and write

3E6F000

stack

page read and write

441F000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

6350000

heap

page read and write

1D15A000

heap

page read and write

47DF000

stack

page read and write

A35000

heap

page read and write

9C4000

heap

page read and write

381E000

stack

page read and write

A34000

heap

page read and write

2A6F000

stack

page read and write

14CA000

unkown

page execute and write copy

674000

heap

page read and write

1D0DF000

stack

page read and write

8BB000

heap

page read and write

32BE000

stack

page read and write

472F000

stack

page read and write

6830000

heap

page read and write

4730000

heap

page read and write

3EFF000

stack

page read and write

1D12B000

heap

page read and write

450000

unkown

page execute and read and write

4FB000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

4C3F000

stack

page read and write

2840000

direct allocation

page read and write

A34000

heap

page read and write

1D23A000

heap

page read and write

9E0000

heap

page read and write

820000

direct allocation

page read and write

2C2000

unkown

page execute and read and write

4731000

heap

page read and write

4731000

heap

page read and write

7BC0000

heap

page read and write

3EDF000

stack

page read and write

1284000

heap

page read and write

ED0000

direct allocation

page read and write

61ED3000

direct allocation

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

36DE000

stack

page read and write

1310000

direct allocation

page execute and read and write

A34000

heap

page read and write

726000

unkown

page execute and read and write

12CB000

heap

page read and write

4EEB000

stack

page read and write

12B0000

direct allocation

page read and write

33BF000

stack

page read and write

4C50000

direct allocation

page execute and read and write

1D152000

heap

page read and write

820000

direct allocation

page read and write

C4F000

heap

page read and write

4A61000

heap

page read and write

4F51000

direct allocation

page read and write

4C96000

heap

page read and write

4681000

heap

page read and write

2B5F000

stack

page read and write

9C4000

heap

page read and write

3D2F000

stack

page read and write

726000

unkown

page execute and read and write

1D12B000

heap

page read and write

4731000

heap

page read and write

9C4000

heap

page read and write

9F0000

direct allocation

page read and write

4B5F000

stack

page read and write

567000

unkown

page execute and read and write

C8F000

heap

page read and write

50E0000

direct allocation

page execute and read and write

A34000

heap

page read and write

2940000

direct allocation

page read and write

120E000

stack

page read and write

149000

unkown

page write copy

810000

heap

page read and write

1AC000

stack

page read and write

305E000

stack

page read and write

233B3000

heap

page read and write

61ED0000

direct allocation

page read and write

1488000

unkown

page execute and read and write

407E000

stack

page read and write

4681000

heap

page read and write

479F000

stack

page read and write

1D145000

heap

page read and write

1250000

direct allocation

page read and write

469F000

stack

page read and write

4731000

heap

page read and write

4681000

heap

page read and write

4731000

heap

page read and write

820000

direct allocation

page read and write

57E000

unkown

page execute and write copy

379E000

stack

page read and write

820000

direct allocation

page read and write

A34000

heap

page read and write

9F0000

direct allocation

page read and write

A34000

heap

page read and write

57CF000

stack

page read and write

2347E000

stack

page read and write

3B9E000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

FD1000

unkown

page execute and write copy

309E000

stack

page read and write

6200000

heap

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

3B9F000

stack

page read and write

44AF000

stack

page read and write

133E000

heap

page read and write

674000

heap

page read and write

4C90000

heap

page read and write

84A000

heap

page read and write

459E000

stack

page read and write

A34000

heap

page read and write

9C4000

heap

page read and write

A34000

heap

page read and write

39FF000

stack

page read and write

A34000

heap

page read and write

282E000

stack

page read and write

4C60000

trusted library allocation

page read and write

728000

unkown

page execute and write copy

14C9000

unkown

page execute and read and write

3E1F000

stack

page read and write

14BC000

unkown

page execute and read and write

12B0000

direct allocation

page read and write

9F0000

direct allocation

page read and write

4681000

heap

page read and write

46A0000

heap

page read and write

B8E000

stack

page read and write

A34000

heap

page read and write

1270000

direct allocation

page read and write

2CEF000

stack

page read and write

4A60000

heap

page read and write

4731000

heap

page read and write

39DF000

stack

page read and write

1D160000

heap

page read and write

3B5E000

stack

page read and write

467F000

stack

page read and write

1CB9F000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

1D145000

heap

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

14C9000

unkown

page execute and write copy

1D152000

heap

page read and write

A34000

heap

page read and write

391E000

stack

page read and write

7E3E000

stack

page read and write

96A000

stack

page read and write

2DDF000

stack

page read and write

1D13C000

heap

page read and write

A34000

heap

page read and write

E0000

unkown

page read and write

A34000

heap

page read and write

1CBDE000

stack

page read and write

1250000

direct allocation

page read and write

A34000

heap

page read and write

4B61000

heap

page read and write

4C60000

direct allocation

page execute and read and write

4731000

heap

page read and write

341F000

stack

page read and write

1CD2C000

stack

page read and write

9C4000

heap

page read and write

51C0000

direct allocation

page execute and read and write

9C4000

heap

page read and write

A34000

heap

page read and write

359E000

stack

page read and write

A34000

heap

page read and write

57F000

unkown

page execute and write copy

1284000

heap

page read and write

A34000

heap

page read and write

1D152000

heap

page read and write

4461000

heap

page read and write

A34000

heap

page read and write

9F0000

direct allocation

page read and write

4731000

heap

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

4D30000

direct allocation

page execute and read and write

4731000

heap

page read and write

A34000

heap

page read and write

2D0000

unkown

page execute and read and write

7BE000

stack

page read and write

3A3E000

stack

page read and write

3FE000

unkown

page execute and read and write

DA0000

heap

page read and write

4A80000

direct allocation

page execute and read and write

4731000

heap

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

1D145000

heap

page read and write

4461000

heap

page read and write

77E000

stack

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

10B0000

heap

page read and write

A35000

heap

page read and write

9C4000

heap

page read and write

CB3000

heap

page read and write

2F6F000

stack

page read and write

4A60000

direct allocation

page execute and read and write

12B0000

direct allocation

page read and write

1C95E000

stack

page read and write

5140000

direct allocation

page execute and read and write

3AAF000

stack

page read and write

4461000

heap

page read and write

295F000

stack

page read and write

369E000

stack

page read and write

4681000

heap

page read and write

6C9F0000

unkown

page readonly

12B0000

direct allocation

page read and write

5050000

direct allocation

page execute and read and write

4461000

heap

page read and write

1D13C000

heap

page read and write

152F000

stack

page read and write

4731000

heap

page read and write

47DE000

stack

page read and write

E5C000

stack

page read and write

3A5F000

stack

page read and write

D6D000

heap

page read and write

4B36000

direct allocation

page read and write

4681000

heap

page read and write

2840000

direct allocation

page read and write

42BF000

stack

page read and write

9C4000

heap

page read and write

4F2E000

stack

page read and write

674000

heap

page read and write

4EF0000

direct allocation

page read and write

431E000

stack

page read and write

51A0000

direct allocation

page execute and read and write

441E000

stack

page read and write

12B0000

direct allocation

page read and write

101E000

stack

page read and write

351F000

stack

page read and write

1085000

unkown

page execute and read and write

1D13C000

heap

page read and write

166D000

unkown

page execute and write copy

C15000

heap

page read and write

682E000

heap

page read and write

674000

heap

page read and write

1D142000

heap

page read and write

2840000

direct allocation

page read and write

2CB000

unkown

page execute and read and write

674000

heap

page read and write

A35000

heap

page read and write

A34000

heap

page read and write

386E000

stack

page read and write

4681000

heap

page read and write

4478000

heap

page read and write

1D141000

heap

page read and write

12B0000

direct allocation

page read and write

567000

unkown

page execute and read and write

9C4000

heap

page read and write

820000

direct allocation

page read and write

A35000

heap

page read and write

1284000

heap

page read and write

2EDF000

stack

page read and write

4681000

heap

page read and write

450000

unkown

page execute and read and write

5190000

direct allocation

page execute and read and write

4C60000

direct allocation

page execute and read and write

4461000

heap

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

339F000

stack

page read and write

296D000

heap

page read and write

5040000

direct allocation

page execute and read and write

A34000

heap

page read and write

4B61000

heap

page read and write

9F0000

direct allocation

page read and write

820000

direct allocation

page read and write

3C9E000

stack

page read and write

260000

unkown

page read and write

4681000

heap

page read and write

4681000

heap

page read and write

4AF0000

direct allocation

page execute and read and write

3CDF000

stack

page read and write

363F000

stack

page read and write

2FAE000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

351E000

stack

page read and write

4D10000

direct allocation

page execute and read and write

412E000

stack

page read and write

567000

unkown

page execute and read and write

674000

heap

page read and write

34FF000

stack

page read and write

A34000

heap

page read and write

4461000

heap

page read and write

12B0000

direct allocation

page read and write

820000

direct allocation

page read and write

674000

heap

page read and write

820000

direct allocation

page read and write

A34000

heap

page read and write

91A000

heap

page read and write

355F000

stack

page read and write

37BE000

stack

page read and write

2DDF000

stack

page read and write

469E000

stack

page read and write

233CD000

heap

page read and write

A34000

heap

page read and write

4750000

heap

page read and write

5130000

direct allocation

page execute and read and write

A34000

heap

page read and write

1D13C000

heap

page read and write

B4E000

stack

page read and write

A34000

heap

page read and write

4560000

trusted library allocation

page read and write

A34000

heap

page read and write

33DE000

stack

page read and write

12B0000

direct allocation

page read and write

5130000

direct allocation

page execute and read and write

9F0000

direct allocation

page read and write

570000

unkown

page execute and read and write

542D000

stack

page read and write

3C9F000

stack

page read and write

4FE000

stack

page read and write

232E0000

heap

page read and write

9C4000

heap

page read and write

4731000

heap

page read and write

1D13A000

heap

page read and write

1CCDF000

stack

page read and write

319F000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

9C4000

heap

page read and write

6CBD5000

unkown

page readonly

445F000

stack

page read and write

1D12B000

heap

page read and write

1D122000

heap

page read and write

4A70000

direct allocation

page execute and read and write

2840000

direct allocation

page read and write

1D1BF000

heap

page read and write

674000

heap

page read and write

6821000

heap

page read and write

4DA0000

direct allocation

page execute and read and write

4681000

heap

page read and write

5070000

direct allocation

page execute and read and write

3F3E000

stack

page read and write

1D152000

heap

page read and write

331E000

stack

page read and write

A34000

heap

page read and write

405E000

stack

page read and write

4731000

heap

page read and write

6820000

heap

page read and write

1D13C000

heap

page read and write

3FAF000

stack

page read and write

1CA9E000

stack

page read and write

1D129000

heap

page read and write

1D145000

heap

page read and write

A30000

heap

page read and write

4461000

heap

page read and write

A34000

heap

page read and write

BDE000

heap

page read and write

2FFF000

stack

page read and write

4731000

heap

page read and write

369F000

stack

page read and write

2840000

direct allocation

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

674000

heap

page read and write

120F000

stack

page read and write

4D40000

direct allocation

page execute and read and write

4681000

heap

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

9C4000

heap

page read and write

313F000

stack

page read and write

2A261000

heap

page read and write

422F000

stack

page read and write

674000

heap

page read and write

4461000

heap

page read and write

1D160000

heap

page read and write

33FE000

stack

page read and write

A34000

heap

page read and write

634C000

stack

page read and write

9C4000

heap

page read and write

2C9E000

stack

page read and write

C50000

heap

page read and write

506E000

stack

page read and write

57F000

unkown

page execute and write copy

3E1E000

stack

page read and write

4A5F000

stack

page read and write

319F000

stack

page read and write

12B0000

direct allocation

page read and write

2335A000

heap

page read and write

674000

heap

page read and write

1D15A000

heap

page read and write

2E97000

heap

page read and write

2E90000

heap

page read and write

1D121000

heap

page read and write

4681000

heap

page read and write

4731000

heap

page read and write

1D13E000

heap

page read and write

4A5E000

stack

page read and write

4731000

heap

page read and write

674000

heap

page read and write

4951000

direct allocation

page read and write

4A70000

direct allocation

page execute and read and write

4681000

heap

page read and write

9C4000

heap

page read and write

12CE000

stack

page read and write

C2E000

heap

page read and write

6830000

heap

page read and write

4A50000

direct allocation

page execute and read and write

C88000

heap

page read and write

4731000

heap

page read and write

2E4E000

stack

page read and write

2F5E000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

23580000

trusted library allocation

page read and write

EF0000

heap

page read and write

4681000

heap

page read and write

346F000

stack

page read and write

4731000

heap

page read and write

502F000

stack

page read and write

2A260000

heap

page read and write

1137000

unkown

page execute and read and write

A34000

heap

page read and write

2AAC000

stack

page read and write

4731000

heap

page read and write

2C2000

unkown

page execute and read and write

9C4000

heap

page read and write

1D11D000

heap

page read and write

A34000

heap

page read and write

2357F000

stack

page read and write

A34000

heap

page read and write

A34000

heap

page read and write

455E000

stack

page read and write

1D160000

heap

page read and write

261000

unkown

page execute and write copy

6CB8F000

unkown

page readonly

1D145000

heap

page read and write

4681000

heap

page read and write

C9F000

heap

page read and write

38DE000

stack

page read and write

C9E000

heap

page read and write

4681000

heap

page read and write

1054000

unkown

page execute and read and write

2850000

heap

page read and write

5130000

direct allocation

page execute and read and write

4AD0000

direct allocation

page execute and read and write

121A000

unkown

page read and write

5A8000

unkown

page execute and write copy

1D144000

heap

page read and write

4A90000

direct allocation

page execute and read and write

421E000

stack

page read and write

4A70000

direct allocation

page execute and read and write

7BC3000

heap

page read and write

1D122000

heap

page read and write

674000

heap

page read and write

A34000

heap

page read and write

1284000

heap

page read and write

4A61000

heap

page read and write

57E000

unkown

page execute and write copy

3B3F000

stack

page read and write

1D122000

heap

page read and write

14B3000

unkown

page execute and read and write

4731000

heap

page read and write

1D152000

heap

page read and write

9C4000

heap

page read and write

1D160000

heap

page read and write

511F000

stack

page read and write

675000

heap

page read and write

41DE000

stack

page read and write

1D137000

heap

page read and write

7F60000

heap

page read and write

1284000

heap

page read and write

A34000

heap

page read and write

7CFC000

stack

page read and write

48DF000

stack

page read and write

BDA000

heap

page read and write

4B70000

heap

page read and write

453F000

stack

page read and write

31DE000

stack

page read and write

1284000

heap

page read and write

4731000

heap

page read and write

5130000

direct allocation

page execute and read and write

A34000

heap

page read and write

1D13D000

heap

page read and write

4731000

heap

page read and write

322E000

stack

page read and write

4731000

heap

page read and write

6C9DE000

unkown

page read and write

920000

heap

page read and write

3D1E000

stack

page read and write

4681000

heap

page read and write

4731000

heap

page read and write

23348000

heap

page read and write

1D152000

heap

page read and write

A34000

heap

page read and write

2830000

heap

page read and write

728000

unkown

page execute and write copy

4AE0000

direct allocation

page execute and read and write

4C40000

direct allocation

page execute and read and write

4731000

heap

page read and write

674000

heap

page read and write

336E000

stack

page read and write

1D145000

heap

page read and write

A34000

heap

page read and write

674000

heap

page read and write

A34000

heap

page read and write

27AB000

stack

page read and write

A34000

heap

page read and write

7F3F000

stack

page read and write

1250000

direct allocation

page read and write

6CBCF000

unkown

page write copy

ECE000

stack

page read and write

396F000

stack

page read and write

1D13C000

heap

page read and write

538000

unkown

page execute and read and write

56CE000

stack

page read and write

4D90000

direct allocation

page execute and read and write

4681000

heap

page read and write

C73000

heap

page read and write

6C9E2000

unkown

page readonly

46DE000

stack

page read and write

31EF000

stack

page read and write

50A0000

direct allocation

page execute and read and write

A34000

heap

page read and write

1284000

heap

page read and write

3DFE000

stack

page read and write

3F9E000

stack

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

61DF000

stack

page read and write

7DFC000

stack

page read and write

4731000

heap

page read and write

457E000

stack

page read and write

C86000

heap

page read and write

A34000

heap

page read and write

502F000

stack

page read and write

A34000

heap

page read and write

2A0F0000

heap

page read and write

5070000

direct allocation

page execute and read and write

3C5F000

stack

page read and write

1D145000

heap

page read and write

10C5000

heap

page read and write

3B7E000

stack

page read and write

9C4000

heap

page read and write

1D144000

heap

page read and write

DF0000

heap

page read and write

4B60000

heap

page read and write

9C4000

heap

page read and write

4461000

heap

page read and write

4731000

heap

page read and write

C21000

heap

page read and write

2C9000

unkown

page write copy

443E000

stack

page read and write

501E000

stack

page read and write

4A61000

heap

page read and write

4731000

heap

page read and write

4F2E000

stack

page read and write

820000

direct allocation

page read and write

1250000

direct allocation

page read and write

1D145000

heap

page read and write

1D230000

trusted library allocation

page read and write

61E00000

direct allocation

page execute and read and write

5180000

direct allocation

page execute and read and write

332F000

stack

page read and write

A34000

heap

page read and write

674000

heap

page read and write

233E0000

trusted library allocation

page read and write

44EE000

stack

page read and write

481E000

stack

page read and write

A34000

heap

page read and write

4A2F000

stack

page read and write

23344000

heap

page read and write

A34000

heap

page read and write

4681000

heap

page read and write

124E000

stack

page read and write

1208000

unkown

page execute and read and write

30AF000

stack

page read and write

4681000

heap

page read and write

3B5F000

stack

page read and write

1D13A000

heap

page read and write

A34000

heap

page read and write

4732000

heap

page read and write

1D13D000

heap

page read and write

166C000

unkown

page execute and read and write

260000

unkown

page read and write

9F0000

direct allocation

page read and write

45EF000

stack

page read and write

A35000

heap

page read and write

4460000

heap

page read and write

90E000

heap

page read and write

4731000

heap

page read and write

A34000

heap

page read and write

4681000

heap

page read and write

3C7F000

stack

page read and write

2A5F000

stack

page read and write

1D129000

heap

page read and write

4681000

heap

page read and write

329F000

stack

page read and write

260000

unkown

page readonly

57E000

unkown

page execute and read and write

4B00000

direct allocation

page execute and read and write

4461000

heap

page read and write

D10000

heap

page read and write

9D0000

heap

page read and write

1320000

direct allocation

page execute and read and write

61ED4000

direct allocation

page readonly

A34000

heap

page read and write

12B0000

direct allocation

page read and write

233CD000

heap

page read and write

4731000

heap

page read and write

491F000

stack

page read and write

2F9F000

stack

page read and write

1D13D000

heap

page read and write

341E000

stack

page read and write

4681000

heap

page read and write

1284000

heap

page read and write

4B61000

heap

page read and write

1250000

direct allocation

page read and write

23360000

heap

page read and write

A34000

heap

page read and write

4731000

heap

page read and write

1284000

heap

page read and write

52AF000

stack

page read and write

1007000

unkown

page execute and read and write

491E000

stack

page read and write

276F000

stack

page read and write

38DF000

stack

page read and write

27EE000

stack

page read and write

5130000

direct allocation

page execute and read and write

4D10000

direct allocation

page execute and read and write

429F000

stack

page read and write

670000

heap

page read and write

1D160000

heap

page read and write

A34000

heap

page read and write

5130000

direct allocation

page execute and read and write

2EFE000

stack

page read and write

301F000

stack

page read and write

A34000

heap

page read and write

CB2000

heap

page read and write

4AB0000

direct allocation

page execute and read and write

4461000

heap

page read and write

4461000

heap

page read and write

A34000

heap

page read and write

1D13C000

heap

page read and write

4D00000

direct allocation

page execute and read and write

3E5E000

stack

page read and write

4DEC000

stack

page read and write

1D141000

heap

page read and write

1D13F000

heap

page read and write

4461000

heap

page read and write

A34000

heap

page read and write

1D12B000

heap

page read and write

5060000

direct allocation

page execute and read and write

F5D000

stack

page read and write

4681000

heap

page read and write

BCE000

stack

page read and write

4461000

heap

page read and write

1CFDE000

stack

page read and write

C2F000

heap

page read and write

4D10000

direct allocation

page execute and read and write

4A61000

heap

page read and write

417F000

stack

page read and write

4CF0000

direct allocation

page execute and read and write

1D137000

heap

page read and write

130E000

stack

page read and write

1D112000

heap

page read and write

2840000

direct allocation

page read and write

2334E000

heap

page read and write

1D142000

heap

page read and write

1D152000

heap

page read and write

53EF000

stack

page read and write

A34000

heap

page read and write

C5C000

heap

page read and write

A34000

heap

page read and write

FD0000

unkown

page readonly

1250000

direct allocation

page read and write

516F000

stack

page read and write

5070000

direct allocation

page execute and read and write

9C4000

heap

page read and write

3F1E000

stack

page read and write

4D80000

direct allocation

page execute and read and write

4731000

heap

page read and write

2950000

direct allocation

page execute and read and write

4681000

heap

page read and write

A34000

heap

page read and write

133A000

heap

page read and write

4BEC000

stack

page read and write

A34000

heap

page read and write

9C4000

heap

page read and write

293E000

stack

page read and write

365F000

stack

page read and write

674000

heap

page read and write

820000

direct allocation

page read and write

C73000

heap

page read and write

A34000

heap

page read and write

1D13C000

heap

page read and write

674000

heap

page read and write

23623000

heap

page read and write

142000

unkown

page execute and read and write

There are 1283 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
file.exe