IOC Report
q3na5Mc.exe

Files

File Path
Type
Category
Malicious
q3na5Mc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\fctr1\4wbi5x
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\ProgramData\fctr1\7yuk6f
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\fctr1\cjeuk6xb1
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\fctr1\d26fua
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\fctr1\hlfctr
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\fctr1\jwt2dt
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\fctr1\kx4opzcbi
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\fctr1\ohvk68
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\fctr1\ozm7y5
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1cd1427e-1051-4180-93ac-2bc94b45434d.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\31c1072a-f3ee-41ac-9d2b-3246798da169.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\892cb65f-aa0f-4e14-9068-30c593998c97.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\92d538d9-79db-470e-b4f9-b3e100446a5f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\0dd1217c-da4f-4b18-bfde-aaf2838b8112.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C807F1-1A60.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C80802-1FF8.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C8080B-119C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C8080D-1584.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\27d8a463-71ad-43ed-a6ce-d234edec1cd6.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4659a545-1ec8-44d3-91d0-9b7810be4bb1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4ee7b8f7-e723-45f7-a9be-6c2f7c05be91.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\585685bf-d1f9-465e-ba32-6e69131fb939.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\781da12d-7e61-4573-be1e-d4b1a11f10f3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\78854b80-62e7-4ad1-ab9c-462a6dcdb030.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8b5df4f0-617b-4ad0-beac-67bef25c4ee8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\923d013e-f8a6-466c-8a9a-6cf1ffc2d919.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9cef06db-6e97-431c-81f4-509721059111.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9d65d432-33b1-41d5-b49b-de677f365c74.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old~RF5db73.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old~RF5a678.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old~RF5a84d.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old~RF5a85d.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\30c8fc0f-205c-453d-a416-45249d654348.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4cf74a5e-f7a2-458b-a580-2a1d536e0173.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\50aa2ff0-d7c4-4cea-91a4-82828f6fac50.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6462b5be-5ddb-41b4-a7fe-26665e38fc79.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6a423994-d8d5-4c80-950b-6fb0192d5c73.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\747bee6d-b501-401f-b8a7-3db33422e3af.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7bb80cb4-747f-46ca-8933-f3ea0c7b878d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF6cc7a.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF57556.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF5cd88.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF5e007.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RF5cff9.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dbb82417-15c0-4b8a-a11c-49e82dbb89f5.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e54a493c-4652-43fe-9e13-91e12a7b48e8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF5cdd7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF60031.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF642c8.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF6b8a4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF610ea.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF63943.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\todelete_1f39852be7daf701 (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old~RF5a84d.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13385636083790487
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13385636111859796
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF5a669.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b3db08b7-c158-4107-9b02-b72bf3d02b0e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF5a669.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b42ebd3f-512b-4b87-8a23-ee74cc4db9b7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e2c7390e-112e-4a39-9b3f-8b86779ae1c2.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old~RF5a89b.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old~RF5a80f.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF536e6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF53724.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF53928.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF55fda.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF57da3.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF57e11.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF57e20.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5a4a4.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5a540.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5a6b7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF5ce15.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF6130d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF6a078.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF6dcd6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a633ab7e-db72-41bf-bb25-d44fd72b032a.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a7c073d6-616c-44ba-b9e6-8b4b073fc7a3.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\be5ed345-d886-49a7-aba9-d1e2207f27f6.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c456f8d3-6886-41cc-b537-5f62f186b51d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d29e3d2c-1564-4b1f-894d-b1f18b4caa6c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ebcbf384-827b-4738-bdec-312e28294b2f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ee2335a7-1b1e-4aa3-be5e-067d71d345aa.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ff50cb99-6d1f-49a9-af67-21d85af7249b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\022b57a4-a9b1-4d39-a70e-2e7acedd9252.tmp
PNG image data, 340 x 340, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\02804d24-6ede-4d0f-ae8d-b7ee22a24932.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\6118f233-38a8-481f-8f4f-02b1e8e1c309.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\63a18c39-b33f-4298-bc5c-424b2b302ae6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\649611f1-80fe-41db-84a0-2c66ecc6bc15.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\7653c42d-eba3-4069-b581-0990fa99d41a.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\7bf239b1-6a9c-4dcf-8f4d-3cf7a2f93ed1.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a37ef087-cfd9-44fd-a8a8-a26e0d078f36.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\a4146cc0-9993-4936-ad5f-ad8f6d715f29.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5508_129821265\02804d24-6ede-4d0f-ae8d-b7ee22a24932.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5508_129821265\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5508_48891769\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5508_48891769\a4146cc0-9993-4936-ad5f-ad8f6d715f29.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 07:14:28 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 07:14:28 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 07:14:28 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 07:14:28 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Mar 5 07:14:28 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 481
ASCII text, with very long lines (842)
downloaded
Chrome Cache Entry: 482
ASCII text
downloaded
Chrome Cache Entry: 483
ASCII text, with very long lines (1437)
downloaded
Chrome Cache Entry: 484
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 485
ASCII text, with very long lines (2412)
downloaded
Chrome Cache Entry: 486
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 487
ASCII text, with very long lines (5162), with no line terminators
downloaded
There are 206 hidden files.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\q3na5Mc.exe
"C:\Users\user\Desktop\q3na5Mc.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2128,i,10062375995080605630,17335473394292795222,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2168,i,979304615989707383,5940876946649329924,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1992,i,14075413496128955347,14211455807137193995,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6952 --field-trial-handle=1992,i,14075413496128955347,14211455807137193995,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7112 --field-trial-handle=1992,i,14075413496128955347,14211455807137193995,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1528,i,5577874075167477756,16733753555390949207,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2584 --field-trial-handle=2260,i,14492942354235819292,11724797676707326256,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1772,i,9291681872558238668,16876093037937104852,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5340 --field-trial-handle=1772,i,9291681872558238668,16876093037937104852,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5492 --field-trial-handle=1772,i,9291681872558238668,16876093037937104852,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6200 --field-trial-handle=1772,i,9291681872558238668,16876093037937104852,262144 /prefetch:8
malicious

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
page read and write
5A30000
heap
page read and write
59E6000
heap
page read and write
73B1BFA000
stack
page read and write
5F5C00264000
trusted library allocation
page read and write
1D9400214000
trusted library allocation
page read and write
5CEC000
heap
page read and write
20581FE000
stack
page read and write
56A21FE000
unkown
page readonly
331400250000
trusted library allocation
page read and write
59F6000
heap
page read and write
6604002A8000
trusted library allocation
page read and write
660400210000
trusted library allocation
page read and write
3AB000E6D000
trusted library allocation
page read and write
3AB0010E4000
trusted library allocation
page read and write
174379AE000
heap
page read and write
217EC2BD000
heap
page read and write
32A8002AC000
direct allocation
page read and write
3AB000FB8000
trusted library allocation
page read and write
24FC00250000
trusted library allocation
page read and write
2DFE000
stack
page read and write
59E0000
heap
page read and write
73903FB000
stack
page read and write
66040024C000
trusted library allocation
page read and write
515400374000
trusted library allocation
page read and write
3AB0014C0000
trusted library allocation
page read and write
56921FE000
unkown
page readonly
5D07000
heap
page read and write
73973FE000
stack
page read and write
BCB000
heap
page read and write
5D06000
heap
page read and write
79255FE000
unkown
page readonly
3AB000B10000
trusted library allocation
page read and write
401000
unkown
page execute and write copy
5A00000
heap
page read and write
18FC00201000
trusted library allocation
page read and write
59C7000
heap
page read and write
1D9400268000
trusted library allocation
page read and write
4341000
heap
page read and write
24FC002CC000
trusted library allocation
page read and write
59F1000
heap
page read and write
24FC00030000
trusted library allocation
page read and write
591E000
heap
page read and write
59D8000
heap
page read and write
4341000
heap
page read and write
1E98AAF0000
heap
page read and write
59BB000
heap
page read and write
106000235000
trusted library allocation
page read and write
2A8400303000
direct allocation
page read and write
534F000
heap
page read and write
3AB000CE8000
trusted library allocation
page read and write
3AB000CC8000
trusted library allocation
page read and write
642C000
heap
page read and write
5A9B000
heap
page read and write
1D9400354000
trusted library allocation
page read and write
5D07000
heap
page read and write
174343F8000
heap
page read and write
3A3F000
stack
page read and write
34C40027C000
trusted library allocation
page read and write
2A8400260000
direct allocation
page read and write
4960000
direct allocation
page execute and read and write
4341000
heap
page read and write
3AB00010C000
trusted library allocation
page read and write
24FC002E4000
trusted library allocation
page read and write
3AB000154000
trusted library allocation
page read and write
3AB00158E000
trusted library allocation
page read and write
217EC2BA000
heap
page read and write
3AB0017CC000
trusted library allocation
page read and write
5C66000
heap
page read and write
204F1FE000
stack
page read and write
1E98CB1B000
heap
page read and write
24FC001AC000
trusted library allocation
page read and write
1D9400310000
trusted library allocation
page read and write
34C40025C000
trusted library allocation
page read and write
17437F45000
heap
page read and write
6604003D8000
trusted library allocation
page read and write
59F0000
heap
page read and write
56911FE000
unkown
page readonly
3AB000F90000
trusted library allocation
page read and write
1FE8A8B0000
heap
page read and write
4330000
direct allocation
page read and write
515400284000
trusted library allocation
page read and write
1E98ACDE000
heap
page read and write
3AB000AFC000
trusted library allocation
page read and write
6B7A000
heap
page read and write
4960000
direct allocation
page execute and read and write
17437F45000
heap
page read and write
4341000
heap
page read and write
3AB001718000
trusted library allocation
page read and write
1E98ACD9000
heap
page read and write
1743799D000
heap
page read and write
3AB0017A8000
trusted library allocation
page read and write
1FE8AABB000
heap
page read and write
59BB000
heap
page read and write
59F6000
heap
page read and write
1060002FC000
trusted library allocation
page read and write
24FC00268000
trusted library allocation
page read and write
3AB00033C000
trusted library allocation
page read and write
2600020C000
trusted library allocation
page read and write
1D9400068000
trusted library allocation
page read and write
3AB00100C000
trusted library allocation
page read and write
217EDFE0000
trusted library allocation
page read and write
1FE8C96C000
heap
page read and write
3AB000920000
trusted library allocation
page read and write
3AB000E20000
trusted library allocation
page read and write
B97000
heap
page read and write
5CF0000
heap
page read and write
515400344000
trusted library allocation
page read and write
4DBE000
stack
page read and write
5B02000
heap
page read and write
2A8400290000
direct allocation
page read and write
24FC003D4000
trusted library allocation
page read and write
1FE8C923000
heap
page read and write
17437ED0000
heap
page read and write
1E98ACA2000
heap
page read and write
18FC002D8000
trusted library allocation
page read and write
3AB000D40000
trusted library allocation
page read and write
4341000
heap
page read and write
18D40079C000
trusted library allocation
page read and write
17437F0E000
heap
page read and write
18D40095C000
trusted library allocation
page read and write
3AB0003A4000
trusted library allocation
page read and write
792DDFE000
stack
page read and write
3AB0003D1000
trusted library allocation
page read and write
1743B820000
trusted library section
page read and write
B20000
heap
page read and write
56829FE000
unkown
page read and write
217EC1D0000
heap
page readonly
59E9000
heap
page read and write
331400390000
trusted library allocation
page read and write
18D4008E8000
trusted library allocation
page read and write
1E98AC7C000
heap
page read and write
5C31000
heap
page read and write
32A800201000
direct allocation
page read and write
6604000C0000
trusted library allocation
page read and write
3AB000C78000
trusted library allocation
page read and write
1D940020C000
trusted library allocation
page read and write
174343E0000
trusted library section
page readonly
3AB000EE4000
trusted library allocation
page read and write
59C7000
heap
page read and write
1A7400230000
direct allocation
page read and write
6604003CC000
trusted library allocation
page read and write
3AB000BD0000
trusted library allocation
page read and write
3AB0002A4000
trusted library allocation
page read and write
7390BFE000
unkown
page readonly
1E98AD2B000
heap
page read and write
3AB0002A4000
trusted library allocation
page read and write
5C7E000
heap
page read and write
5D0F000
heap
page read and write
1D9400120000
trusted library allocation
page read and write
3AB000390000
trusted library allocation
page read and write
59FA000
heap
page read and write
24FC002A0000
trusted library allocation
page read and write
3AB0014B0000
trusted library allocation
page read and write
1D940004B000
trusted library allocation
page read and write
6604002D0000
trusted library allocation
page read and write
5EA9000
heap
page read and write
3AB0004DC000
trusted library allocation
page read and write
3AB000801000
trusted library allocation
page read and write
1E98ACF8000
heap
page read and write
32A800311000
direct allocation
page read and write
34C400374000
trusted library allocation
page read and write
206A9FE000
unkown
page readonly
59E0000
heap
page read and write
331400300000
trusted library allocation
page read and write
5AB7000
heap
page read and write
3AB000DE0000
trusted library allocation
page read and write
491F000
stack
page read and write
515400201000
trusted library allocation
page read and write
6AFA000
heap
page read and write
1E98AC00000
heap
page read and write
59C7000
heap
page read and write
59D0000
heap
page read and write
5CCF000
heap
page read and write
6361000
heap
page read and write
34C40020C000
trusted library allocation
page read and write
24FC00334000
trusted library allocation
page read and write
5CF0000
heap
page read and write
34C400201000
trusted library allocation
page read and write
3AB000EF4000
trusted library allocation
page read and write
174379AA000
heap
page read and write
3AB000C78000
trusted library allocation
page read and write
24FC001A0000
trusted library allocation
page read and write
1D94002D8000
trusted library allocation
page read and write
106000294000
trusted library allocation
page read and write
1E98AD2B000
heap
page read and write
568E9FC000
stack
page read and write
A6F000
heap
page read and write
1E98ACD9000
heap
page read and write
18FC002B4000
trusted library allocation
page read and write
106000278000
trusted library allocation
page read and write
20561FC000
stack
page read and write
1D94000AE000
trusted library allocation
page read and write
18FC00294000
trusted library allocation
page read and write
4341000
heap
page read and write
1E98AC1D000
heap
page read and write
24FC00310000
trusted library allocation
page read and write
3AB000EA0000
trusted library allocation
page read and write
3AB000328000
trusted library allocation
page read and write
18D400424000
trusted library allocation
page read and write
6604003CC000
trusted library allocation
page read and write
1D94003D0000
trusted library allocation
page read and write