IOC Report
ESVoO7ywn5.exe

Files

File Path
Type
Category
Malicious
ESVoO7ywn5.exe
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
initial sample
malicious
C:\ProgramData\8q1ny\1ngvsr
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\8q1ny\8g4wln
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\8q1ny\8q1nyc
ASCII text, with very long lines (1769), with CRLF line terminators
dropped
C:\ProgramData\8q1ny\eu3w4o89z
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\8q1ny\kngv3e3wl
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\8q1ny\ukx47g
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\8q1ny\vkng4e
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\8q1ny\w4e3eu
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\8q1ny\wb1n79
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0604fc86-c921-44ca-b8b9-5a8c9f63e902.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\22bfa780-7cca-4dda-b389-0297222b12f9.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4e5a0e39-5518-4901-809f-2576d0091ed4.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\63b78897-e67b-433c-9a3b-16950e7bb8dc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6490604b-42ce-42b2-a43d-223f8fcd9ecb.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\85e5d554-9b65-439f-bb6c-d5b42e38edfa.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\86071c11-d6c6-40eb-a985-0a805b9fc479.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\871cacbd-14b3-46a7-9126-2cb44e1d4900.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8e4dfe6a-e872-4000-a43d-ca80024f75d1.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\92d99ddb-cec5-4ee0-8704-2caa6ca8ca3c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9db23813-4598-4dab-9461-9e73f608de59.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\67dd2f1f-528d-4e1d-a657-f4b68a26bd09.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D7EC-1640.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D7EF-1DA8.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D7F7-FC4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D7F9-1A5C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D800-BD4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D801-1C28.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D80A-17BC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C6D80B-700.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\421ccfae-0f20-420b-a815-2be25455389b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5bb78602-f6e2-45ff-b3ad-db4e0943141a.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7e116ba4-3d84-4eed-b700-4838ccdf7707.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8133ae5d-0b2a-407a-8d50-e64149585e55.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\84812db6-fd2f-47d1-ba65-3b495e0c6f86.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF39e06.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3cb02.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a59f13ae-604d-46da-b0e4-c602998db30e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\abddaa46-7a5f-4c02-bd6f-96c1425b8d36.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f553dcb8-6acf-476a-b96d-0f5b5487435a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3dd61.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13385558286248681
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\25b51b9f-c660-465e-8193-8831e698c71d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\3e069f0f-ae39-43ff-9157-785ade67a4ff.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3cb11.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b4927176-045e-4ff7-9f62-9db9a0bbe345.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e7102b8a-fbb3-43d5-ba18-d7f256b88392.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31ed4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31f8f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31fed.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31ffc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF34075.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF34392.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF346be.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF346ce.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3642a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36533.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36552.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36562.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38c24.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38cb1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38df9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b566.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3ddbf.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a79aeca5-e3ad-4175-b8ec-e29303a8b31d.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a902e6a1-bd39-4835-b503-186b26682547.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b78f768c-6013-45db-9a07-84e80f63eedd.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c8fcf8f3-6840-4ea0-ad79-f690f823043a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d60a5fa6-604b-42c0-a3ad-8fe5b1d77571.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ddd869e2-8d3f-492e-9025-93f35b49926d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f41164b3-371a-4cb7-959f-20769fd7b4f4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\0657c23e-534d-4440-b2f0-2749a69c57e0.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\26bba2b0-4900-4615-be81-66110fc7b0d7.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\2839609a-3e54-4935-a4c2-ded2c7ef35dd.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\8732a347-123a-4dca-8080-6d962d31383f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\8a563954-84ed-4427-9b7f-7ddec4420f14.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\b388ca02-a73c-4f55-977b-c5405e4da73e.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_332931808\8a563954-84ed-4427-9b7f-7ddec4420f14.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_332931808\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_332931808\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_332931808\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_332931808\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4882)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\page_embed_script.js
ASCII text, with very long lines (337)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4884)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir1792_736537808\b388ca02-a73c-4f55-977b-c5405e4da73e.tmp
Google Chrome extension, version 3
dropped
Chrome Cache Entry: 281
ASCII text, with very long lines (2412)
downloaded
Chrome Cache Entry: 282
ASCII text, with very long lines (3210)
downloaded
Chrome Cache Entry: 283
ASCII text
downloaded
Chrome Cache Entry: 284
ASCII text, with very long lines (1437)
downloaded
Chrome Cache Entry: 285
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 286
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 287
ASCII text, with very long lines (5162), with no line terminators
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\ESVoO7ywn5.exe
"C:\Users\user\Desktop\ESVoO7ywn5.exe"
malicious
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2156,i,1131510046767708764,2246000416851658240,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2412,i,9274776203736152754,605761456401538253,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2044,i,15981325911887861837,13651116499266714493,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=2460,i,1138376815955586151,5217051833138542039,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1224,i,17455348826925458802,6377544182770007866,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2484 --field-trial-handle=2332,i,2532517917331351372,14812221957189302912,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=2100,i,13483832867504272092,8759147376075008789,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2616 --field-trial-handle=2412,i,16560664075412926242,1091205746907078500,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2016,i,8861881736564387129,5534421032980024966,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6628 --field-trial-handle=2016,i,8861881736564387129,5534421032980024966,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6820 --field-trial-handle=2016,i,8861881736564387129,5534421032980024966,262144 /prefetch:8
malicious

URLs

Name
IP
Malicious
https://duckduckgo.com/chrome_newtab
unknown
https://mail.google.com/mail/?usp=installed_webapp
unknown
https://duckduckgo.com/ac/?q=
unknown
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
unknown
https://permanently-removed.invalid/oauth2/v2/tokeninfo
unknown
https://ntp.msn.com/0
unknown
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
unknown
https://docs.google.com/document/J
unknown
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
unknown
https://ntp.msn.com/_default
unknown
http://anglebug.com/4633
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741084697772&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.95
https://anglebug.com/7382
unknown
https://issuetracker.google.com/284462263
unknown
https://chrome.google.com/webstorekuOEgDdc=
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
unknown
https://chrome.google.com/webstore6p
unknown
https://publickeyservice.gcp.privacysandboxservices.com
unknown
http://polymer.github.io/AUTHORS.txt
unknown
https://docs.google.com/
unknown
https://docs.google.com/document/:
unknown
https://publickeyservice.pa.aws.privacysandboxservices.com
unknown
https://photos.google.com/settings?referrer=CHROME_NTP
unknown
https://anglebug.com/7714
unknown
http://anglebug.com/60484
unknown
http://unisolated.invalid/
unknown
https://photos.google.com?referrer=CHROME_NTP
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
204.79.197.203
https://www.google.com/chrome/tips/
unknown
http://anglebug.com/35864
unknown
https://drive.google.com/?lfhs=2
unknown
http://anglebug.com/6248
unknown
http://beego.me/docs/module/toolbox.md
unknown
https://ogs.google.com/widget/callout?eom=1
unknown
http://anglebug.com/6929
unknown
http://anglebug.com/3584il
unknown
http://anglebug.com/5281
unknown
https://d.mx.goldenloafuae.com/ource
unknown
https://www.youtube.com/?feature=ytca
unknown
https://issuetracker.google.com/255411748
unknown
https://docs.google.com/document/u/0/create?usp=chrome_actions
unknown
https://permanently-removed.invalid/oauth2/v4/token
unknown
https://anglebug.com/7246
unknown
http://anglebug.com/5881k
unknown
https://d.mx.goldenloafuae.com/J
unknown
https://anglebug.com/7369
unknown
https://anglebug.com/7489
unknown
https://duckduckgo.com/?q=
unknown
https://chrome.google.com/webstore
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
https://cdnjs.cloudflare.com/ajax/libs/mathjax/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://c.msn.com/c.gif?rnd=1741084693414&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=90e161a33bb2496883b1403088975b1a&activityId=90e161a33bb2496883b1403088975b1a&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0
13.74.129.1
http://polymer.github.io/PATENTS.txt
unknown
https://payments.google.com/payments/v4/js/integrator.js
unknown
http://anglebug.com/8229e
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.ico
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://issuetracker.google.com/161903006
unknown
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true
204.79.197.203
https://www.ecosia.org/newtab/
unknown
https://drive-daily-1.corp.google.com/
unknown
https://drive-daily-5.corp.google.com/
unknown
https://duckduckgo.com/favicon.ico
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741084696950&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.95
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
unknown
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
unknown
https://plus.google.com
unknown
https://permanently-removed.invalid/chrome/blank.html
unknown
http://anglebug.com/3078
unknown
http://anglebug.com/7553
unknown
http://anglebug.com/5375
unknown
https://permanently-removed.invalid/v1/issuetoken
unknown
http://anglebug.com/5371
unknown
https://chrome.google.com/webstore?hl=en10
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
23.210.244.202
http://anglebug.com/4722
unknown
https://m.google.com/devicemanagement/data/api
unknown
https://permanently-removed.invalid/reauth/v1beta/users/
unknown
https://t.me/l793oy
149.154.167.99
https://steamcommunity.com/profiles/76561199829660832
https://docs.google.com/presentation/u/0/create?usp=chrome_actions
unknown
https://d.mx.goldenloafuae.com/#
unknown
https://permanently-removed.invalid/LogoutYxAB
unknown
http://anglebug.com/7556
unknown
https://chromewebstore.google.com/
unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.ccf37a049089f68490a9.js
23.210.244.202
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741084696764&w=0&anoncknm=app_anon&NoResponseBody=true
104.208.16.95
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
http://anglebug.com/7406:
unknown
https://drive-preprod.corp.google.com/
unknown
https://chrome.google.com/webstore/
unknown
https://clients4.google.com/chrome-sync
unknown
https://publickeyservice.pa.gcp.privacysandboxservices.com
unknown
https://permanently-removed.invalid/RotateBoundCookies
unknown
http://anglebug.com/6692
unknown
https://issuetracker.google.com/258207403
unknown
http://anglebug.com/3502
unknown

Domains

Name
IP
Malicious
d.mx.goldenloafuae.com
95.217.27.252
malicious
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
142.250.185.238
a416.dscd.akamai.net
2.22.242.105
t.me
149.154.167.99
a-0003.a-msedge.net
204.79.197.203
c-msn-pme.trafficmanager.net
13.74.129.1
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
ax-0001.ax-msedge.net
150.171.27.10
svc.ms-acdc-teams.office.com
52.123.243.88
play.google.com
142.250.181.238
sb.scorecardresearch.com
18.244.18.27
www.google.com
142.250.185.132
e28578.d.akamaiedge.net
23.210.244.202
googlehosted.l.googleusercontent.com
216.58.212.161
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
apis.google.com
unknown
api.msn.com
unknown

IPs

IP
Domain
Country
Malicious
192.168.2.7
unknown
unknown
malicious
95.217.27.252
d.mx.goldenloafuae.com
Germany
malicious
2.22.242.105
a416.dscd.akamai.net
European Union
23.200.0.29
unknown
United States
18.244.18.27
sb.scorecardresearch.com
United States
23.49.251.8
unknown
United States
149.154.167.99
t.me
United Kingdom
142.250.181.238
play.google.com
United States
162.159.61.3
unknown
United States
23.219.82.72
unknown
United States
13.74.129.1
c-msn-pme.trafficmanager.net
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
104.208.16.95
unknown
United States
142.250.185.132
www.google.com
United States
142.250.185.238
plus.l.google.com
United States
23.210.244.202
e28578.d.akamaiedge.net
United States
18.238.49.124
unknown
United States
239.255.255.250
unknown
Reserved
216.58.212.161
googlehosted.l.googleusercontent.com
United States
127.0.0.1
unknown
unknown
204.79.197.203
a-0003.a-msedge.net
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459866
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459866
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459866
WindowTabManagerFileMappingId

Memdumps

Base Address
Regiontype
Protect
Malicious
5C1C00218000
trusted library allocation
page read and write
A0E6000
direct allocation
page read and write
56EE000
heap
page read and write
19EB3B72000
trusted library allocation
page read and write
367002220000
trusted library allocation
page read and write
A334000
direct allocation
page read and write
15C0003C0000
trusted library allocation
page read and write
1E4F5FE000
unkown
page readonly
5C9000238000
trusted library allocation
page read and write
5C1C002D0000
trusted library allocation
page read and write
5E8800700000
trusted library allocation
page read and write
15C00041C000
trusted library allocation
page read and write
F34018CC000
trusted library allocation
page read and write
237B771F000
heap
page read and write
12C402490000
trusted library allocation
page read and write
F340032C000
trusted library allocation
page read and write
F3401950000
trusted library allocation
page read and write
5391000
heap
page read and write
12C4024A4000
trusted library allocation
page read and write
A4BE000
direct allocation
page read and write
5C1C0024C000
trusted library allocation
page read and write
A13C000
direct allocation
page read and write
12C4025B0000
trusted library allocation
page read and write
5BF000217000
direct allocation
page read and write
1EFD3A46000
heap
page read and write
67DC00374000
trusted library allocation
page read and write
12C402314000
trusted library allocation
page read and write
206800210000
direct allocation
page read and write
1EFD3A9E000
heap
page read and write
CE5B1FE000
unkown
page readonly
5801FFE000
stack
page read and write
5C9000408000
trusted library allocation
page read and write
673C002F0000
trusted library allocation
page read and write
F34017B4000
trusted library allocation
page read and write
12C402434000
trusted library allocation
page read and write
773000294000
trusted library allocation
page read and write
F3401CD4000
trusted library allocation
page read and write
F3400C90000
trusted library allocation
page read and write
F34018E0000
trusted library allocation
page read and write
F3400860000
trusted library allocation
page read and write
F3400950000
trusted library allocation
page read and write
62E0002A8000
trusted library allocation
page read and write
193C002B8000
trusted library allocation
page read and write
F34002BC000
trusted library allocation
page read and write
773000260000
trusted library allocation
page read and write
F3401908000
trusted library allocation
page read and write
19FC0026C000
direct allocation
page read and write
1C722AAA000
heap
page read and write
95E000
stack
page read and write
12C402450000
trusted library allocation
page read and write
12C401001000
trusted library allocation
page read and write
EC00020C000
trusted library allocation
page read and write
1C722B2F000
heap
page read and write
67F6000
heap
page read and write
773000278000
trusted library allocation
page read and write
1780000
heap
page read and write
1C722AA2000
heap
page read and write
193C00294000
trusted library allocation
page read and write
5E8800730000
trusted library allocation
page read and write
51F0000
heap
page read and write
F3401B3C000
trusted library allocation
page read and write
F3400364000
trusted library allocation
page read and write
AF3A9FE000
unkown
page readonly
773000230000
trusted library allocation
page read and write
F3400908000
trusted library allocation
page read and write
5C1C00024000
trusted library allocation
page read and write
5870FFE000
stack
page read and write
15C000390000
trusted library allocation
page read and write
F340118C000
trusted library allocation
page read and write
F3400590000
trusted library allocation
page read and write
F3400364000
trusted library allocation
page read and write
5C9000248000
trusted library allocation
page read and write
193C00274000
trusted library allocation
page read and write
15C0000CC000
trusted library allocation
page read and write
F3400ADE000
trusted library allocation
page read and write
19EB5950000
trusted library section
page read and write
36700243C000
trusted library allocation
page read and write
A0D4000
direct allocation
page read and write
AF3D9FE000
unkown
page readonly
F34016C4000
trusted library allocation
page read and write
4FD000
stack
page read and write
67DC00238000
trusted library allocation
page read and write
673C00418000
trusted library allocation
page read and write
15C000020000
trusted library allocation
page read and write
F3400344000
trusted library allocation
page read and write
5848000
heap
page read and write
F3401718000
trusted library allocation
page read and write
12C402290000
trusted library allocation
page read and write
367002230000
trusted library allocation
page read and write
944000
heap
page read and write
5090000
trusted library allocation
page read and write
F3400C58000
trusted library allocation
page read and write
F3401C01000
trusted library allocation
page read and write
237B5750000
heap
page read and write
F3401B28000
trusted library allocation
page read and write
67DC002B0000
trusted library allocation
page read and write
F340032C000
trusted library allocation
page read and write
5476000
heap
page read and write
A15D000
direct allocation
page read and write
F3401528000
trusted library allocation
page read and write
1C722AC8000
heap
page read and write
587A7FE000
unkown
page readonly
12C4023D0000
trusted library allocation
page read and write
F3400041000
trusted library allocation
page read and write
AF3F1FD000
stack
page read and write
F3401434000
trusted library allocation
page read and write
5C9000210000
trusted library allocation
page read and write
7730002B4000
trusted library allocation
page read and write
5C1C002FC000
trusted library allocation
page read and write
5E8800664000
trusted library allocation
page read and write
F340000C000
trusted library allocation
page read and write
AF209FE000
unkown
page readonly
F340020C000
trusted library allocation
page read and write
19EB6D60000
heap
page read and write
1EFD594F000
heap
page read and write
673C00350000
trusted library allocation
page read and write
F3400CF4000
trusted library allocation
page read and write
F3400A01000
trusted library allocation
page read and write
66CB000
heap
page read and write
F3401078000
trusted library allocation
page read and write
12C4024D4000
trusted library allocation
page read and write
206800284000
direct allocation
page read and write
AF391FE000
stack
page read and write
F34015E4000
trusted library allocation
page read and write
367002401000
trusted library allocation
page read and write
237B58E0000
heap
page read and write
5AB0000
heap
page read and write
12C402410000
trusted library allocation
page read and write
1E455FE000
unknown
page readonly
F3401518000
trusted library allocation
page read and write
5792000
heap
page read and write
CE5D1FE000
unknown
page readonly
237B585A000
heap
page read and write
1EFD3850000
heap
page read and write
EC0003A8000
trusted library allocation
page read and write
232E24EA000
heap
page read and write
A15D000
direct allocation
page read and write
53EB000
heap
page read and write
AF2D9FE000
unknown
page readonly
193C00230000
trusted library allocation
page read and write
F3401864000
trusted library allocation
page read and write
3670023DC000
trusted library allocation
page read and write
EC000238000
trusted library allocation
page read and write
5C90003AC000
trusted library allocation
page read and write
F34004BC000
trusted library allocation
page read and write
19EB1700000
heap
page read and write
5E88002FC000
trusted library allocation
page read and write
773000210000
trusted library allocation
page read and write
62E0002B4000
trusted library allocation
page read and write
67DC003A0000
trusted library allocation
page read and write
CE3A1FE000
unknown
page readonly
F34000E0000
trusted library allocation
page read and write
A17A000
direct allocation
page read and write
5C900031C000
trusted library allocation
page read and write
673C003BC000
trusted library allocation
page read and write
5E8800330000
trusted library allocation
page read and write
12C402494000
trusted library allocation
page read and write
206800318000
direct allocation
page read and write
237B58A1000
heap
page read and write
926BFFE000
stack
page read and write
7C0000
heap
page read and write
1EFD5992000
heap
page read and write
F34007B8000
trusted library allocation
page read and write
5850000
heap
page read and write
5E88006B8000
trusted library allocation
page read and write
EC000300000
trusted library allocation
page read and write
5E88006F0000
trusted library allocation
page read and write
526800308000
direct allocation
page read and write
F3400454000
trusted library allocation
page read and write
773000238000
trusted library allocation
page read and write
5873FFC000
stack
page read and write
F3401594000
trusted library allocation
page read and write
55CC002D8000
trusted library allocation
page read and write
70F800288000
trusted library allocation
page read and write
12C40245C000
trusted library allocation
page read and write
5E8800754000
trusted library allocation
page read and write
526800294000
direct allocation
page read and write
15C00017C000
trusted library allocation
page read and write
5B38000
heap
page read and write
F340104C000
trusted library allocation
page read and write
1E33DFD000
stack
page read and write
A036000
direct allocation
page read and write
19FC002DC000
direct allocation
page read and write
67DC00220000
trusted library allocation
page read and write
A18A000
direct allocation
page read and write
62E0002F0000
trusted library allocation
page read and write
F3401674000
trusted library allocation
page read and write
F34003A8000
trusted library allocation
page read and write
673C002D0000
trusted library allocation
page read and write
48400201000
direct allocation
page read and write
F3400C80000
trusted library allocation
page read and write
232E435D000
heap
page read and write
232E43A2000
heap
page read and write
19EAE610000
trusted library allocation
page read and write
EC000360000
trusted library allocation
page read and write
AF3C9FE000
unknown
page readonly
1E525FE000
unknown
page readonly
587AFFE000
stack
page read and write
20680024C000
direct allocation
page read and write
1C722A2B000
heap
page read and write
232E24EA000
heap
page read and write
A148000
direct allocation
page read and write
55CC002B4000
trusted library allocation
page read and write
58697FE000
unknown
page readonly
206800234000
direct allocation
page read and write
15C0004AE000
trusted library allocation
page read and write
19FC00217000
direct allocation
page read and write
237B5930000
heap
page read and write
CE3A9FE000
stack
page read and write
F340183C000
trusted library allocation
page read and write
EC00031C000
trusted library allocation
page read and write
15C000450000
trusted library allocation
page read and write
55CC002FC000
trusted library allocation
page read and write
F34016F4000
trusted library allocation
page read and write
A0AE000
direct allocation
page read and write
367002428000
trusted library allocation
page read and write
EC000358000
trusted library allocation
page read and write
F3400B28000
trusted library allocation
page read and write
19EB1C59000
heap
page read and write
12C400A01000
trusted library allocation
page read and write
F3400CA0000
trusted library allocation
page read and write
193C002B4000
trusted library allocation
page read and write
F3400E78000
trusted library allocation
page read and write
232E2502000
heap
page read and write
547F000
heap
page read and write
5C1C002A4000
trusted library allocation
page read and write
367002660000
trusted library allocation
page read and write
62E0002A8000
trusted library allocation
page read and write
232E24EA000
heap
page read and write
5C1C00401000
trusted library allocation
page read and write
5C1C002A8000
trusted library allocation
page read and write
1C7249A0000
heap
page read and write
484002D0000
direct allocation
page read and write
A190000
direct allocation
page read and write
1592000
unknown
page write copy
F340136A000
trusted library allocation
page read and write
53AC000
heap
page read and write
F3400298000
trusted library allocation
page read and write
232E23F0000
heap
page read and write
193C00250000
trusted library allocation
page read and write
19FC00230000
direct allocation
page read and write
F3401784000
trusted library allocation
page read and write
F34003A8000
trusted library allocation
page read and write
F340052F000
trusted library allocation
page read and write
206800328000
direct allocation
page read and write
237B5961000
heap
page read and write
5C9000418000
trusted library allocation
page read and write
F3401738000
trusted library allocation
page read and write
5E88007B4000
trusted library allocation
page read and write
12C402554000
trusted library allocation
page read and write
1C7247D0000
trusted library section
page readonly
F34004EC000
trusted library allocation
page read and write
56BB000
heap
page read and write
AF381FE000
stack
page read and write
A0D2000
direct allocation
page read and write
5C1C00190000
trusted library allocation
page read and write
1E4BDFE000
stack
page read and write
232E2525000
heap
page read and write
5BF000280000
direct allocation
page read and write
1C722AB6000
heap
page read and write
1EFD3A31000
heap
page read and write
F3401368000
trusted library allocation
page read and write
F3401754000
trusted library allocation
page read and write
F34000F0000
trusted library allocation
page read and write
F340152C000
trusted library allocation
page read and write
367002420000
trusted library allocation
page read and write
F34002FB000
trusted library allocation
page read and write
925F7FE000
unknown
page readonly
7730002E0000
trusted library allocation
page read and write
F340168C000
trusted library allocation
page read and write
19EB16C0000
heap
page read and write
F3400D14000
trusted library allocation
page read and write
5610000
heap
page read and write
AF489FE000
unknown
page readonly
232E435E000
heap
page read and write
5E8800288000
trusted library allocation
page read and write
1E3FDFC000
stack
page read and write
55CC002B4000
trusted library allocation
page read and write
760000
heap
page read and write
232E43B1000
heap
page read and write
232E43F4000
heap
page read and write
F3401B1C000
trusted library allocation
page read and write
5C1C00264000
trusted library allocation
page read and write
19EB641E000
trusted library section
page read and write
5E880078C000
trusted library allocation
page read and write
70F800250000
trusted library allocation
page read and write
586CFFE000
stack
page read and write
F3400FC8000
trusted library allocation
page read and write
12C402254000
trusted library allocation
page read and write
F3400214000
trusted library allocation
page read and write
20680026C000
direct allocation
page read and write
571A000
heap
page read and write
5C9000350000
trusted library allocation
page read and write
1613000
unknown
page readonly
EC000210000
trusted library allocation
page read and write
1EFD594E000
heap
page read and write
F3401B40000
trusted library allocation
page read and write
586AFFE000
stack
page read and write
673C00408000
trusted library allocation
page read and write
232E24EA000
heap
page read and write
5712000
heap
page read and write
48400244000
direct allocation
page read and write
F3400378000
trusted library allocation
page read and write
F34018E4000
trusted library allocation
page read and write
F3400350000
trusted library allocation
page read and write
EC0003BC000
trusted library allocation
page read and write
CE481FE000
unknown
page readonly
3670023E0000
trusted library allocation
page read and write
F340032C000
trusted library allocation
page read and write
4F91000
heap
page read and write
193C00294000
trusted library allocation
page read and write
1EFD3B2B000
heap
page read and write
A19A000
direct allocation
page read and write
526800270000
direct allocation
page read and write
F3400DE4000
trusted library allocation
page read and write
232E245D000
heap
page read and write
5E8800418000
trusted library allocation
page read and write
55CC002B4000
trusted library allocation
page read and write
20680031C000
direct allocation
page read and write
58097FE000
unknown
page readonly
5E8800220000
trusted library allocation
page read and write
70F800248000
trusted library allocation
page read and write
F3401BB0000
trusted library allocation
page read and write
F3400DA8000
trusted library allocation
page read and write
F3400F94000
trusted library allocation
page read and write
EC0003C0000
trusted library allocation
page read and write
5389000
heap
page read and write
5E880080C000
trusted library allocation
page read and write
999000
heap
page read and write
7730002B4000
trusted library allocation
page read and write
1C724984000
heap
page read and write
1C722A83000
heap
page read and write
15C00021C000
trusted library allocation
page read and write
19EB1C86000
heap
page read and write
F34001D0000
trusted library allocation
page read and write
5E8800368000
trusted library allocation
page read and write
F3401898000
trusted library allocation
page read and write
19EB16D0000
heap
page read and write
4840030A000
direct allocation
page read and write
F3401318000
trusted library allocation
page read and write
67DC0025C000
trusted library allocation
page read and write
EC00031C000
trusted library allocation
page read and write
67DC00284000
trusted library allocation
page read and write
206800270000
direct allocation
page read and write
62E0002B4000
trusted library allocation
page read and write
5C1C0026C000
trusted library allocation
page read and write
5439000
heap
page read and write
F34016E0000
trusted library allocation
page read and write
17B1000
direct allocation
page read and write
67DC00404000
trusted library allocation
page read and write