IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 05:47:00 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 5 21:41:46 2021, mtime=Thu Oct 5 05:22:28 2023, atime=Fri Sep 29 11:17:35 2023, length=4210216, window=hide
modified
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_20ba122efad236846d4c413774a7a1f2fc62c0d7_e7590d7b_d2b28f33-6a11-46e0-88a9-6d33ea73f961\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA598.tmp.dmp
Mini DuMP crash report, 16 streams, Fri Apr 26 11:23:56 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA962.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA3D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\Public\Desktop\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 05:47:14 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0e42a359-64e3-40e4-8403-402bb6a88236.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\16042be9-a070-4c29-a0ec-f7036ccc8c9b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\182ef216-a4a4-4730-bf38-a0f511f2a9e0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6da7231a-36c3-4e43-9631-100c49ee9c9d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e313ee1-fc2c-40a2-8119-6039d447d0e2.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\f3eab18c-54ab-47a9-b61c-fe3aa9b56b97.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-662B8ECC-1DC8.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2d7c7afd-06bd-4838-9ec9-733653d2b60a.tmp
Unicode text, UTF-8 text, with very long lines (17286), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2db71c27-dc0e-4959-9fca-4112da5c3342.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4f5c142e-05d4-427e-be95-a5b5dd4dc3ba.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\691f23ff-15af-4425-a790-fa5348ab7565.tmp
Unicode text, UTF-8 text, with very long lines (17718), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7b4efb7e-9180-4bac-8789-e855190f6977.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\99c98155-48de-4014-ae7d-ad740e4e9bdc.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\oaikgohmhipcpliahjfhdhcddajbgkok\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\oaikgohmhipcpliahjfhdhcddajbgkok\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\oaikgohmhipcpliahjfhdhcddajbgkok\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\oaikgohmhipcpliahjfhdhcddajbgkok\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\oaikgohmhipcpliahjfhdhcddajbgkok\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0e3bf03b-0191-4f0c-bbfe-d355cb42b0ac.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\44ab347b-3deb-4b2e-923a-0e35762f36e7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\8fccc5ae-f213-4946-bd66-fcabfc9c9025.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF46ed3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3707e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF37bb9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a0d62271-ad2c-4553-bc98-bf3ae6fa23e3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dc7e1e78-8a62-45c2-b3b8-ed69a2e1dc74.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e6f87fa0-7817-4414-a5ab-2da7dfcd2313.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF39636.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3c303.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ee59.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41dc5.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF454a4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF398e6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3d3ac.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF3ea90.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358604239614009
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\2bb13014-6e2c-42be-a247-b3f593e61931.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\35360a6e-e0e9-4144-aecc-ea8947502271.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\72bcb8ae-14fc-4814-acfd-b1f79ed3e118.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ae808ddb-95ee-47d0-b664-4b7956f3d752.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c4b8aea8-3b5b-4d09-a014-e5d87d913aa3.tmp
Unicode text, UTF-8 text, with very long lines (17057), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c561c10d-17c6-40c5-ba30-c4ddf59dfeca.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e026c0f9-10b8-43b6-8e26-e7cda098a2ce.tmp
Unicode text, UTF-8 text, with very long lines (17553), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e2148c06-0f55-437f-972c-1dd7be2cc8b3.tmp
Unicode text, UTF-8 text, with very long lines (17718), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f33b87b0-c314-4229-8e64-6189a39aed5b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3415f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3417f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF343c1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36a92.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39636.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF45485.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b69a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c49b924d-a62c-4a0c-bb12-7675ec06cbe6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c81cff70-4178-461a-8b52-2703e579591f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e0001d86-db9a-4782-b4cd-bf5fa71ea080.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Temp\113cce18-6117-40cd-8e41-ba64d5aa35b7.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
dropped
C:\Users\user\AppData\Local\Temp\29fd2ef3-da64-45b1-8113-35b3bbfbc738.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\Extension\background.js
C source, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Extension\js\content.js
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Extension\js\injected-script.js
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Extension\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\ac5ecbd9-e2fa-4aa8-88ce-7f7e63d90d45.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\bbcf824d-f70e-4c55-a414-77d9523616a1.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\c78bf835-a787-4ac9-81b3-dbac5bad614b.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\d0028b64-42fe-4404-8a08-82b018c40ac9.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\eb7c11a2-19d2-45c4-a55c-369c8e964247.tmp
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_1485552689\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_1485552689\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_1485552689\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_1485552689\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_1485552689\ac5ecbd9-e2fa-4aa8-88ce-7f7e63d90d45.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\29fd2ef3-da64-45b1-8113-35b3bbfbc738.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4369)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\page_embed_script.js
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir7624_660449518\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4369)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 05:19:59 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Aug 5 21:41:46 2021, mtime=Thu Oct 5 05:18:10 2023, atime=Fri Sep 29 11:17:35 2023, length=4210216, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Tue Oct 3 09:48:42 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 428
ASCII text, with very long lines (750)
downloaded
272 further files are not shown.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=2160,i,9232826367822327522,17242602780210440328,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,18383752783521714824,4327834432602392128,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6300 --field-trial-handle=1980,i,18383752783521714824,4327834432602392128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6300 --field-trial-handle=1980,i,18383752783521714824,4327834432602392128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7620 --field-trial-handle=1980,i,18383752783521714824,4327834432602392128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7776 --field-trial-handle=1980,i,18383752783521714824,4327834432602392128,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7732 --field-trial-handle=1980,i,18383752783521714824,4327834432602392128,262144 /prefetch:8
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\user\AppData\Local\Temp\Extension"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=2028,i,13976611699194476982,14356866975595787732,262144 /prefetch:8
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5728 -s 1656
3 further processes are not shown.

URLs

Name
IP
Malicious
https://duckduckgo.com/chrome_newtab
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/mobile-app-upsell.b15413e73bafe92e0855.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/cs-core-desktop_card-components_dist_card-banner_index_js-cs-core-desktop_card-components_dis-cef191.888669d9cc0659b01a27.js
23.223.211.49
https://duckduckgo.com/ac/?q=
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/welcomeGreetingLight.f65ba8f8730c537c97bd.js
23.223.211.49
https://ntp.msn.com/_default
unknown
https://ntp.msn.com/1
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1714130677425&w=0&anoncknm=app_anon&NoResponseBody=true
52.182.143.214
https://deff.nelreports.net/api/report?cat=msn
unknown
https://aefd.nelreports.net/api/report?cat=bingcsp
unknown
https://deff.nelreports.net/api/report
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/OneDrive_24x.svg
23.223.211.49
https://docs.google.com/
unknown
https://www.youtube.com
unknown
https://deff.nelreports.net/api/report?cat=msnw
unknown
https://www.instagram.com
unknown
https://assets.msn.com/service/segments/recoitems/weather?apikey=UhJ4G66OjyLbn9mXARgajXLiLw6V75sHnfpU60aJBB&activityId=688EE368-8EF7-4C0D-B7E6-EFF988C3344C&ocid=weather-peregrine&cm=en-us&it=app&user=m-2D323F4839E46D8C1C862B2538746C78&scn=APP_ANON&units=F&appId=4de6fc9f-3262-47bf-9c99-e189a8234fa2&wrapodata=false&includemapsmetadata=true&cuthour=true&filterRule=card&distanceinkm=0&regionDataCount=20&orderby=distance&days=5&pageOcid=anaheim-dhp-peregrine&source=undefined_csr&hours=13&fdhead=prg-1sw-wxmptreplace%2Cprg-1sw-wxcfinst&contentcount=3&region=us&market=en-us&locale=en-us&lat=25.59610366821289&lon=-80.35950469970703
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/superBreakingNews.b103d390df46602376d8.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/common-segments.c2cfa3181306dd51fb17.js
23.223.211.49
https://assets.msn.com/service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=688EE368-8EF7-4C0D-B7E6-EFF988C3344C&ocid=pdp-peregrine&cm=en-us&it=app&user=m-2D323F4839E46D8C1C862B2538746C78&scn=APP_ANON
23.223.211.49
https://thridparty.nservices.org/api/browser/GetScript?id=$
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/cs-core-desktop_responsive-card_dist_index_js-libs_feed-layout_dist_Utils_js-libs_views-helpe-3fb136.96ef975b2a2c68f125de.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/feedback.3220005356a33ce0ca94.js
23.223.211.49
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1714130677429&w=0&anoncknm=app_anon&NoResponseBody=true
52.182.143.214
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/waterfall-view-feed.fee4705c613eacc2d102.js
23.223.211.49
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://assets.msn.com/staticsb/statics/latest/common/icons/ZoomWhite.svg
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/RewardsCoachmarkData.c462c3980af18bc60b9d.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/codex-bing-chat.d4705abeab944b647de2.js
23.223.211.49
https://web.telegram.org/
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/taskbar_v10/Condition_Card/SunnyDayV3.svg
23.223.211.49
https://assets.msn.com/service/news/feed/pages/weblayout
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/weather-card-wc.e04438636ada807c9cd8.js
23.223.211.49
https://drive-daily-2.corp.google.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/nurturing-placement-manager.5ea7db000698f8928d23.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/conditionalBannerWC.6d8019b2ba4ee047b8c5.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/channel-store.f9d771c394cc026db8e1.js
23.223.211.49
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://drive-daily-5.corp.google.com/
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/ocvFeedback.2a930d83a1ebb2ea4b2d.js
23.223.211.49
https://bzib.nelreports.net/api/report?cat=bingbusiness
unknown
https://assets.msn.com/staticsb/statics/latest/icons/office-icons/OneNote_24x.svg
23.223.211.49
https://assets.msn.com/staticsb/statics/latest/marketmismatch/bannerDisplayString/en-gb.json
23.223.211.49
https://chromewebstore.google.com/
unknown
https://drive-preprod.corp.google.com/
unknown
https://chrome.google.com/webstore/
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/nas-highlight-v3v4.5873ec4aa566b5d8efc3.js
23.223.211.49
https://bard.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1714130685294&w=0&anoncknm=app_anon&NoResponseBody=true
52.182.143.214
https://assets.msn.com/service/News/Users/me/Rewards?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=688EE368-8EF7-4C0D-B7E6-EFF988C3344C&ocid=rewards-peregrine&cm=en-us&it=app&user=m-2D323F4839E46D8C1C862B2538746C78&scn=APP_ANON&version=2
23.223.211.49
http://www.gzip.org/zlib/rfc-gzip.html
unknown
https://assets.msn.com/service/graph/actions?%24top=20&%24filter=actionType+eq+%27Follow%27+and+%28targetType+eq+%27Location%27%29&apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=688EE368-8EF7-4C0D-B7E6-EFF988C3344C&ocid=pdp-peregrine&cm=en-us&it=app&user=m-2D323F4839E46D8C1C862B2538746C78&scn=APP_ANON
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/toast-wc.6cd4b923cfe7c0d8b058.js
23.223.211.49
https://www.office.com
unknown
https://outlook.live.com/mail/0/
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM2drrEGIjCdA8oBvLI_S0w4PuM0ZhnBnCrUHPr5Jc23MWKF6F2bqb9Kv221D-U0CKCuK9i3gdQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.217.196
https://ntp.msn.com/edge/ntp
unknown
https://sb.scorecardresearch.com/b2?rn=1714130652737&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2D323F4839E46D8C1C862B2538746C78&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.173.166.78
https://assets.msn.com/bundles/v1/edgeChromium/latest/card-actions-wc.481b8b612eb2752f2a47.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/pill-wc.319e694f4af755a29b48.js
23.223.211.49
https://tidal.com/
unknown
https://ntp.msn.com
unknown
https://gaana.com/
unknown
https://outlook.live.com/mail/compose?isExtension=true
unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/node_modules_sortablejs_modular_sortable_esm_js.6985524dca6d732452d7.js
23.223.211.49
https://latest.web.skype.com/?browsername=edge_canary_shoreline
unknown
https://word.new?from=EdgeM365Shoreline
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/MarketMismatchCoachMark.e6fcf9edbaadfb663ccb.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/weather-card-data-connector.365f71c98d5946039ac2.js
23.223.211.49
https://assets.msn.com/bundles/v1/edgeChromium/latest/libs_channel-page-utils_dist_UrlUtilities_js-libs_feed-layout_dist_Utils_js-libs_river-data-t-f9dc83.9f0adc3e62dbdda80988.js
23.223.211.49
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/channel-data-connector.02a4c4f575b24365379f.js
23.223.211.49
https://mail.google.com/mail/mu/mp/266/#tl/Inbox
unknown
https://drive-autopush.corp.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1714130684505&w=0&anoncknm=app_anon&NoResponseBody=true
52.182.143.214
https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
unknown
https://open.spotify.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/scrollPerfMetricTrackers.9abeb397be7183994289.js
23.223.211.49
https://twitter.com/
unknown
https://sb.scorecardresearch.com/b?rn=1714130652737&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=2D323F4839E46D8C1C862B2538746C78&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.173.166.42
https://m.vk.com/
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/feedDependencies.814370cbb4b6b44b4411.js
23.223.211.49
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.217.196
https://xot.traxa41.net/ext/analytic?do=init&from=Chrome4
23.106.238.238
https://drive-daily-6.corp.google.com/
unknown
https://drive-daily-0.corp.google.com/
unknown
https://www.iheart.com/podcast/
unknown
https://music.yandex.com
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/super-coach-mark-wc.5ad8de935d24e6052658.js
23.223.211.49
https://xot.traxa41.net
unknown
https://clients2.googleusercontent.com
unknown
https://assets.msn.com/staticsb/statics/latest/common/icons/EditImageWhite.svg
23.223.211.49
90 further URLs are not shown.

Domains

Name
IP
Malicious
bzib.nelreports.net
unknown
malicious
xot.traxa41.net
unknown
malicious
chrome.cloudflare-dns.com
172.64.41.3
addons.i7con.net
23.106.238.238
sb.scorecardresearch.com
18.173.166.42
www.google.com
142.250.217.196
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
api.msn.com
unknown

IPs

IP
Domain
Country
Malicious
23.96.180.189
unknown
United States
152.195.19.97
unknown
United States
52.182.143.214
unknown
United States
192.168.2.6
unknown
unknown
162.159.61.3
unknown
United States
18.173.166.78
unknown
United States
23.223.211.49
unknown
United States
13.107.213.41
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
142.250.64.225
unknown
United States
23.106.238.238
addons.i7con.net
United Kingdom
142.250.217.196
www.google.com
United States
239.255.255.250
unknown
Reserved
23.50.112.28
unknown
United States
18.173.166.42
sb.scorecardresearch.com
United States
184.28.75.168
unknown
United States
184.28.75.203
unknown
United States
8 further IPs are not shown.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
ProgramId
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
FileId
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
LowerCaseLongPath
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
LongPathHash
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Name
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
OriginalFileName
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Publisher
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Version
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
BinFileVersion
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
BinaryType
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
ProductName
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
ProductVersion
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
LinkDate
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
BinProductVersion
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
AppxPackageFullName
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
AppxPackageRelativeId
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Size
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Language
\REGISTRY\A\{b2e7e52d-5086-9583-280b-a556faf8e0d0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\66706
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
oaikgohmhipcpliahjfhdhcddajbgkok
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
oaikgohmhipcpliahjfhdhcddajbgkok
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\66706
WindowTabManagerFileMappingId

Memdumps

Base Address
Regiontype
Protect
Malicious