IOC Report
file.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_cf523d28dc351ffd98f29ee515c1ecafe2b03749_96b02dad_d18ad6dd-32f4-4572-809b-9d980adcf318\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | malicious |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF266.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Mar 7 19:09:30 2025, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF332.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF391.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\ymg4o\2n79hd | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8 | dropped | |
| C:\ProgramData\ymg4o\37gd2d | SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\ymg4o\47gdjwt00 | SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\ymg4o\gv3w4e37y | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\ymg4o\jm7qq1 | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\ymg4o\my58gd | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\ymg4o\x4wbi5 | SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\ymg4o\xl6pp8 | ASCII text, with very long lines (1808), with CRLF line terminators | dropped | |
| C:\ProgramData\ymg4o\zm7gdb | SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0e1cba60-a89e-4947-9585-09a7926a93ea.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\238f4f07-e188-4506-8f98-b065a2b084b2.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3119a51e-a2ee-43dc-b065-70f9f04cb620.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\74fca146-fdf9-4197-92e0-072d80cc9b07.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\0659e346-9a4b-4d5c-bbb9-de16f3a08c23.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CB4499-1F00.pma | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CB4499-1FF8.pma | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\095ef807-14c9-4ee3-8b68-969f0836e1cd.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\235e0c32-d0e5-4e48-a1f0-9e1241ac9c7a.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\32d2aa38-8c0f-4353-a368-f1b96898f312.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\33bbe23d-6b16-4242-9819-814f54b4872d.tmp | ASCII text, with very long lines (1597), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5110b274-16fd-48d6-882b-9dd8144874ec.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5b389317-cdce-41b3-b49b-09e0e23fa6ef.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\98d935c0-7eed-443b-a20a-dae5e4ce3283.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001 | OpenPGP Secret Key | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log | data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db | SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001 | OpenPGP Secret Key | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy) | ASCII text, with very long lines (1597), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log | OpenPGP Secret Key Version 4 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2747ec84-c725-4784-a45b-52e453a64703.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\369ea150-2020-4aa6-882e-46a018cfb6f0.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7a415bbe-c3e0-40dd-81ba-89500103cbd3.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\7ce1878b-f6fc-4b2e-8d86-2ce4baf6ddba.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\91686b1d-aae3-41f6-9f9b-be1c6688b02f.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\933d2154-12a9-4684-b42e-076786f63a64.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF37e2a.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF27286.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF289f6.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f0e17e8b-cc8d-4fa5-964d-9e8822c0e5ce.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history | SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2bc32.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2ec4a.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF36dde.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2abe6.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001 | OpenPGP Secret Key | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1 | DIY-Thermocam raw data (Lepton 2.x), scale 256-28160, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2955004608512.000000, slope 87351827168571162624.000000 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF317af.TMP (copy) | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13385848220536192 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\30a87269-4604-42c8-a0f1-ea68a8936ac2.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\45300311-fd1a-4da9-9171-c0fc9fef0ab2.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\6a758a7d-295e-4999-9ebd-65a8734bd78e.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF28a06.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens | SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ad49acfd-34af-4df0-9fde-4e9900d22d30.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json | ASCII text, with very long lines (3951), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d7e39c84-6505-4a03-8058-c46395591cfb.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\dd6547de-bf3d-4cfb-8866-bf327c785e91.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25b74.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25cbc.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2838e.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2ab78.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2ec69.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36dbf.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history | SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6 | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14 | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1 | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371 | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982 | raw G3 (Group 3) FAX, byte-padded | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_ | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b6e2d9c1-ba62-4f5a-861b-d1868cb8c77b.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\db16df0e-bffc-4e9b-8131-0f90e3d7b543.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e08be776-ee72-42bc-90fc-ab0a4aaa81e7.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Tokenuserer\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Tokenuserer\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Tokenuserer\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GJ1F663Z\json[1].json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\json[1].json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\4fb27ee0-a29d-48a8-a74e-07c7f719ff4b.tmp | JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\8d892071-119b-48bc-b60d-aaaf5afa0330.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\9000842a-875e-4e3b-ba7d-2e761205d0a4.tmp | very short file (no magic) | dropped | |
| C:\Users\user\AppData\Local\Temp\99adb395-cafd-4722-ad6f-fae64dbae21a.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363 | dropped | |
| C:\Users\user\AppData\Local\Temp\a9f1c016-dfdb-49be-b434-733d09d0a1bc.tmp | JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\cv_debug.log | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\dbec1076-1d6d-464d-9f95-e7f10eab1831.tmp | Google Chrome extension, version 3 | modified | |
| C:\Users\user\AppData\Local\Temp\ed0f50e7-0e7e-46e4-a656-46bc14a4bced.tmp | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_2031167299\CRX_INSTALL\_metadata\verified_contents.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_2031167299\CRX_INSTALL\content.js | Unicode text, UTF-8 text, with very long lines (8031), with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_2031167299\CRX_INSTALL\content_new.js | Unicode text, UTF-8 text, with very long lines (8604), with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_2031167299\CRX_INSTALL\manifest.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_2031167299\dbec1076-1d6d-464d-9f95-e7f10eab1831.tmp | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\128.png | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\af\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\am\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ar\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\az\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\be\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\bg\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\bn\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ca\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\cs\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\cy\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\da\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\de\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\el\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\en\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\en_CA\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\en_GB\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\en_US\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\es\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\es_419\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\et\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\eu\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\fa\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\fi\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\fil\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\fr\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\fr_CA\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\gl\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\gu\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\hi\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\hr\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\hu\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\hy\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\id\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\is\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\it\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\iw\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ja\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ka\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\kk\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\km\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\kn\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ko\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\lo\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\lt\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\lv\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ml\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\mn\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\mr\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ms\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\my\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ne\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\nl\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\no\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\pa\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\pl\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\pt_BR\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\pt_PT\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ro\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ru\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\si\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\sk\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\sl\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\sr\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\sv\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\sw\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ta\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\te\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\th\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\tr\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\uk\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\ur\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\vi\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\zh_CN\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\zh_HK\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\zh_TW\messages.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_locales\zu\messages.json | | | |
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4882)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\page_embed_script.js
ASCII text, with very long lines (337)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4884)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir8184_284520192\ed0f50e7-0e7e-46e4-a656-46bc14a4bced.tmp
Google Chrome extension, version 3
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 426
ASCII text
downloaded
Chrome Cache Entry: 427
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 428
ASCII text, with very long lines (906)
downloaded
263 further files not shown.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2420,i,1879571237387738867,10453943320962855917,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2548 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2312,i,271099577594506018,1403885451667962874,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6852 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceuserer --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8
malicious
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 800
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ymg4o" & exit
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\timeout.exe
timeout /t 11
5 further processes not shown.
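The process list above shows the sample's browser-theft chain without any prose around it, so here is the detection logic a responder would want, as an added example that is not part of the sandbox report. The two tells are (1) chrome.exe and msedge.exe each started with --remote-debugging-port=9223 against the Default profile, which exposes the DevTools protocol on localhost so that a local client can read cookies and saved logins from the live session rather than decrypting the on-disk databases, and (2) the cmd.exe one-liner that sleeps 11 seconds and then removes the C:\ProgramData\ymg4o staging directory. The --type=utility child processes never carry the debugging flag, so the check fires once per browser launch. Caveat: Selenium, Puppeteer and Playwright launch browsers the same way, so in real telemetry (Sysmon event 1, Windows 4688) the discriminating field is the parent image, which the visible rows here do not include; this function works on image path and command line only. The BROWSERS set and the benign last sample row are assumptions; the other sample rows are copied from the report.

```python
# Added example (not part of the sandbox report): flag the two process-level
# tells in the process list above. Sample rows are copied from the report;
# the final benign row is constructed.
import re
from dataclasses import dataclass

# Assumption: Chromium-based browser image names worth watching.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}

# --remote-debugging-port=N (or --remote-debugging-pipe) switches on the
# DevTools protocol; a local client can then pull cookies and logins from the
# running session instead of decrypting the on-disk databases itself.
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(port|pipe)(?:=(\d+))?", re.I)
# Delayed self-deletion: "timeout /t N ... rd /s /q <dir>"
TIMEOUT_RE = re.compile(r"\btimeout\s+/t\s+(\d+)", re.I)
RMDIR_RE = re.compile(r'\b(?:rd|rmdir)\s+(?:/[sq]\s+){1,2}"?([^"&]+?)"?\s*(?:&|$)', re.I)


@dataclass
class Finding:
    image: str
    rule: str
    detail: str


def image_name(path: str) -> str:
    """Lower-cased file name of an image path (backslash or slash separated)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process(path: str, cmdline: str) -> list[Finding]:
    """Return findings for one process row (image path + command line)."""
    name = image_name(path)
    findings: list[Finding] = []
    if name in BROWSERS:
        m = REMOTE_DEBUG_RE.search(cmdline)
        if m:
            where = f"port {m.group(2)}" if m.group(2) else "pipe"
            findings.append(Finding(name, "browser_remote_debugging",
                                    f"DevTools endpoint on {where}"))
    if name == "cmd.exe":
        rm = RMDIR_RE.search(cmdline)
        if rm:
            t = TIMEOUT_RE.search(cmdline)
            delay = int(t.group(1)) if t else 0
            findings.append(Finding(name, "delayed_staging_cleanup",
                                    f"rd /s /q {rm.group(1).strip()} after {delay}s"))
    return findings


def scan(rows):
    """Run check_process over (path, cmdline) pairs and collect findings."""
    out = []
    for path, cmdline in rows:
        out.extend(check_process(path, cmdline))
    return out


SAMPLE_ROWS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"'),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3'),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"'),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate'),
    (r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 800"),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ymg4o" & exit'),
    (r"C:\Windows\SysWOW64\timeout.exe", r"timeout /t 11"),
    # Constructed benign row: ordinary browser start without a debugging port.
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default"'),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_ROWS):
        print(f"{f.rule:28} {f.image:12} {f.detail}")
```

On this sample the scan yields three browser_remote_debugging findings (one chrome.exe, two msedge.exe, all on port 9223) and one delayed_staging_cleanup finding for the ymg4o directory; the utility children, WerFault.exe, timeout.exe and the plain browser start produce nothing.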

URLs

Name
IP
Malicious
https://go.f.goldenloafuae.com/
95.217.27.252
malicious
https://mail.google.com/mail/?usp=installed_webapp
unknown
https://duckduckgo.com/ac/?q=
unknown
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
unknown
https://permanently-removed.invalid/oauth2/v2/tokeninfo
unknown
https://support.google.com/chrome/answer/6098869
unknown
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
unknown
https://docs.google.com/document/J
unknown
https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
unknown
http://anglebug.com/4633
unknown
https://anglebug.com/7382
unknown
https://issuetracker.google.com/284462263
unknown
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
unknown
https://support.google.com/chrome?p=desktop_tab_groups
unknown
http://dns-tunnel-check.googlezip.net/connect
unknown
https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
unknown
https://docs.google.com/document/:
unknown
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionst
unknown
https://mail.google.com/chat/
unknown
https://go.f.goldenloafuae.com
unknown
https://anglebug.com/7714
unknown
https://www.instagram.com
unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
unknown
http://unisolated.invalid/
unknown
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
204.79.197.203
https://www.google.com/chrome/tips/
unknown
https://drive.google.com/?lfhs=2
unknown
http://anglebug.com/6248
unknown
https://ogs.google.com/widget/callout?eom=1
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
http://anglebug.com/6929
unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
unknown
http://anglebug.com/5281
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://www.youtube.com/?feature=ytca
unknown
https://www.google.com/chrome/browser-tools/
unknown
https://issuetracker.google.com/255411748
unknown
https://docs.google.com/document/u/0/create?usp=chrome_actions
unknown
https://web.telegram.org/
unknown
https://permanently-removed.invalid/oauth2/v4/token
unknown
https://anglebug.com/7246
unknown
https://anglebug.com/7369
unknown
https://anglebug.com/7489
unknown
https://docs.google.com/presentation/
unknown
https://chrome.google.com/webstore
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
https://drive.google.com/drive/installwebapp?usp=chrome_defaultrdler
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://issuetracker.google.com/161903006
unknown
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true
204.79.197.203
https://excel.new?from=EdgeM365Shoreline
unknown
https://www.youtube.com/
unknown
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
unknown
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
unknown
https://docs.google.com/spreadsheets/
unknown
https://permanently-removed.invalid/chrome/blank.html
unknown
http://anglebug.com/3078
unknown
http://anglebug.com/7553
unknown
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
2.22.242.105
http://anglebug.com/5375
unknown
https://permanently-removed.invalid/v1/issuetoken
unknown
https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.867cdfd625d830718faf.js
204.79.197.203
http://anglebug.com/5371
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
92.123.12.148
http://anglebug.com/4722
unknown
https://m.google.com/devicemanagement/data/api
unknown
https://permanently-removed.invalid/reauth/v1beta/users/
unknown
https://t.me/l793oy
149.154.167.99
https://steamcommunity.com/profiles/76561199829660832
https://docs.google.com/presentation/u/0/create?usp=chrome_actions
unknown
https://permanently-removed.invalid/LogoutYxAB
unknown
http://anglebug.com/7556
unknown
https://chromewebstore.google.com/
unknown
https://clients4.google.com/chrome-sync
unknown
https://gemini.google.com/app?q=
unknown
https://permanently-removed.invalid/RotateBoundCookies
unknown
http://anglebug.com/6692
unknown
https://issuetracker.google.com/258207403
unknown
http://anglebug.com/3502
unknown
http://anglebug.com/3623
unknown
https://www.office.com
unknown
http://anglebug.com/3625
unknown
https://outlook.live.com/mail/0/
unknown
http://anglebug.com/3624
unknown
https://docs.google.com/presentation/J
unknown
https://www.youtube.com/s/notifications/manifest/cr_install.htmlr
unknown
http://www.unicode.org/copyright.html
unknown
http://anglebug.com/5007
unknown
https://drive.google.com/drive/installwebapp?usp=chrome_default
unknown
http://anglebug.com/3862
unknown
https://chrome.google.com/webstoreLDDiscover
unknown
http://anglebug.com/4836
unknown
https://issuetracker.google.com/issues/166475273
unknown
https://tidal.com/
unknown
90 further URLs not shown.
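The URL table mixes the one host the sandbox flags (go.f.goldenloafuae.com, 95.217.27.252) with a long tail of background traffic produced by the chrome.exe and msedge.exe launches: new-tab-page and telemetry endpoints, Google service URLs, and anglebug.com references that are strings inside the browser binaries rather than connections. Importing the whole list into a blocklist would be wrong; the useful split is sandbox-flagged, known browser noise, and a remainder for an analyst to look at by hand. In that remainder the t.me channel and the steamcommunity.com profile URL deserve attention, since several stealer families use Telegram and Steam profile pages as dead-drop resolvers for their real C2 address; the report itself does not flag them and this example does not either. Two details matter: "unknown" in the IP column means no resolution was observed, not that the host is benign, and a verdict on one URL should apply to every URL on the same host (only one of the two go.f.goldenloafuae.com entries is marked). The parser below, an added example that is not part of the report, is written for this page's flattened layout (URL line, then IP line, then an optional "malicious" line, with rows that may lack the IP line); the BACKGROUND_SUFFIXES list is an illustrative assumption to be rebuilt from clean baseline runs, and the sample rows are copied from the table above.

```python
# Added example (not part of the sandbox report): triage the flattened URL
# table into sandbox-flagged indicators, browser background traffic, and
# leftovers that need an analyst's decision.
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"^https?://", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumption: hosts a fresh Chrome/Edge profile contacts on its own, or whose
# URLs sit as strings inside the browser binaries (anglebug.com). Illustrative
# only; derive your own list from clean baseline runs.
BACKGROUND_SUFFIXES = (
    "google.com", "googleusercontent.com", "googlezip.net", "anglebug.com",
    "blog.google", "chromeenterprise.google", "chrome.com",
    "msn.com", "microsoft.com", "microsoft.us", "office.com", "live.com",
    "nelreports.net", "mozilla.com", "unicode.org", "scorecardresearch.com",
    "admarketplace.net", "ap01.net", "duckduckgo.com", "youtube.com",
)


def parse_url_table(lines):
    """Group one-field-per-line rows. A row may lack the IP and verdict lines."""
    rows, cur = [], None
    for raw in lines:
        line = raw.strip()
        if not line or line in ("Name", "IP", "Malicious"):   # header lines
            continue
        if URL_RE.match(line):
            cur = {"url": line,
                   "host": (urlsplit(line).hostname or "").lower(),
                   "ip": None, "verdict": None}
            rows.append(cur)
        elif cur is None:
            continue
        elif line.lower() == "malicious":
            cur["verdict"] = "malicious"
        elif IPV4_RE.match(line):
            cur["ip"] = line
        # "unknown" means no resolution was observed; ip stays None.
    return rows


def is_background(host):
    return any(host == s or host.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage(rows):
    """Split rows into (flagged, background, review), propagating verdicts per host."""
    flagged_hosts = {r["host"] for r in rows if r["verdict"] == "malicious"}
    flagged, background, review = [], [], []
    for r in rows:
        if r["host"] in flagged_hosts:
            flagged.append(r)
        elif is_background(r["host"]):
            background.append(r)
        else:
            review.append(r)
    return flagged, background, review


def blocklist(flagged):
    """Hosts and resolved IPs from flagged rows, sorted for a blocklist feed."""
    out = set()
    for r in flagged:
        out.add(r["host"])
        if r["ip"]:
            out.add(r["ip"])
    return sorted(out)


# Rows copied from the report's URL table (a subset).
SAMPLE_TABLE = """Name
IP
Malicious
https://go.f.goldenloafuae.com/
95.217.27.252
malicious
https://docs.google.com/document/u/0/create?usp=chrome_actions
unknown
http://anglebug.com/4633
unknown
https://t.me/l793oy
149.154.167.99
https://steamcommunity.com/profiles/76561199829660832
https://go.f.goldenloafuae.com
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
""".splitlines()

if __name__ == "__main__":
    flagged, background, review = triage(parse_url_table(SAMPLE_TABLE))
    print("blocklist:", blocklist(flagged))
    print("review   :", [r["url"] for r in review])
    print("background rows dropped:", len(background))
```

On the sample the blocklist comes out as the flagged host plus its resolved IP, the review bucket holds the t.me and steamcommunity.com rows, and the three Google, ANGLE and MSN rows are dropped as background.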

Domains

Name
IP
Malicious
go.f.goldenloafuae.com
95.217.27.252
malicious
s-part-0012.t-0009.t-msedge.net
13.107.246.40
chrome.cloudflare-dns.com
172.64.41.3
a416.dscd.akamai.net
2.22.242.105
t.me
149.154.167.99
a-0003.a-msedge.net
204.79.197.203
c-msn-pme.trafficmanager.net
13.74.129.1
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
ax-0001.ax-msedge.net
150.171.28.10
sb.scorecardresearch.com
18.244.18.38
www.google.com
172.217.16.196
googlehosted.l.googleusercontent.com
172.217.18.97
e28578.d.akamaiedge.net
92.123.12.148
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
api.msn.com
unknown
9 further domains not shown.

IPs

IP
Domain
Country
Malicious
95.217.27.252
go.f.goldenloafuae.com
Germany
malicious
192.168.2.10
unknown
unknown
malicious
23.44.201.19
unknown
United States
2.22.242.105
a416.dscd.akamai.net
European Union
92.123.12.148
e28578.d.akamaiedge.net
European Union
149.154.167.99
t.me
United Kingdom
40.79.150.121
unknown
United States
162.159.61.3
unknown
United States
13.74.129.1
c-msn-pme.trafficmanager.net
United States
172.217.18.97
googlehosted.l.googleusercontent.com
United States
20.110.205.119
unknown
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
23.209.72.8
unknown
United States
23.57.90.166
unknown
United States
18.173.132.94
unknown
United States
18.244.18.38
sb.scorecardresearch.com
United States
104.117.182.33
unknown
United States
239.255.255.250
unknown
Reserved
172.217.16.196
www.google.com
United States
127.0.0.1
unknown
unknown
204.79.197.203
a-0003.a-msedge.net
United States
23.57.90.78
unknown
United States
13 further IPs not shown.

Registry

Path
Value
Malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
ProgramId
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
FileId
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
LowerCaseLongPath
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
LongPathHash
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
Name
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
OriginalFileName
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
Publisher
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
Version
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
BinFileVersion
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
BinaryType
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
ProductName
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
ProductVersion
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
LinkDate
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
BinProductVersion
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
AppxPackageFullName
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
AppxPackageRelativeId
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
Size
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
Language
malicious
\REGISTRY\A\{04652d6c-f2c3-4701-5dd9-dbbdd475fb52}\Root\InventoryApplicationFile\file.exe|1e0d0082804ed91a
Usn
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
dr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\263134
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\263134
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\263134
WindowTabManagerFileMappingId
114 further registry entries not shown.

Memdumps

Base Address
Regiontype
Protect
Malicious
28000098000
direct allocation
page read and write
2128FAD0000
heap
page read and write
28401CB8000
direct allocation
page read and write
795C00288000
trusted library allocation
page read and write
28401E70000
direct allocation
page read and write
2128E327000
unclassified section
page read and write
99A000
heap
page read and write
212909D0000
unclassified section
page read and write
280005E0000
direct allocation
page read and write
2128F9FA000
heap
page read and write
284020E0000
direct allocation
page read and write
2128BBCD000
heap
page read and write
461C00318000
trusted library allocation
page read and write
2128E310000
unclassified section
page read and write
795C00260000
trusted library allocation
page read and write
28000248000
direct allocation
page read and write
795C00250000
trusted library allocation
page read and write
6D5C00244000
direct allocation
page read and write
43F1000
heap
page read and write
5B2000210000
trusted library allocation
page read and write
2128FA16000
heap
page read and write
427000
remote allocation
page execute and read and write
461C0021C000
trusted library allocation
page read and write
2128FA3C000
heap
page read and write
99E000
heap
page read and write
212884D0000
heap
page read and write
21291C6E000
heap
page read and write
795C00210000
trusted library allocation
page read and write
28401A18000
direct allocation
page read and write
A10000D4000
direct allocation
page read and write
2128C225000
heap
page read and write
28400D00000
direct allocation
page read and write
28401E1C000
direct allocation
page read and write
2128E280000
unclassified section
page read and write
280006D0000
direct allocation
page read and write
2128F9D4000
heap
page read and write
2128FF70000
heap
page read and write
122F000
heap
page read and write
2840177C000
direct allocation
page read and write
2D1C000
stack
page read and write
28000720000
direct allocation
page read and write
42BD000
heap
page read and write
2840189C000
direct allocation
page read and write
28402004000
direct allocation
page read and write
21291C62000
heap
page read and write
6D5C0030A000
direct allocation
page read and write
20C73572000
heap
page read and write
2128FAB3000
heap
page read and write
795C00220000
trusted library allocation
page read and write
2128FAB3000
heap
page read and write
28000208000
direct allocation
page read and write
FA0000
heap
page read and write
28400C7C000
direct allocation
page read and write
28000190000
direct allocation
page read and write
A1000068000
direct allocation
page read and write
2128FAD1000
heap
page read and write
5BD39FE000
unknown
page readonly
28401048000
direct allocation
page read and write
28401DE4000
direct allocation
page read and write
28400CE9000
direct allocation
page read and write
2128FA7A000
heap
page read and write
461C0032C000
trusted library allocation
page read and write
28400088000
direct allocation
page read and write
284020D8000
direct allocation
page read and write
CD88FFE000
unknown
page readonly
20C71675000
heap
page read and write
284004F8000
direct allocation
page read and write
28400164000
direct allocation
page read and write
4170000
heap
page read and write
28401288000
direct allocation
page read and write
284018F8000
direct allocation
page read and write
21291C9C000
heap
page read and write
46E000018000
direct allocation
page read and write
418E000
heap
page read and write
2128F9A2000
heap
page read and write
28000604000
direct allocation
page read and write
42ED000
heap
page read and write
28400520000
direct allocation
page read and write
28000004000
direct allocation
page read and write
20C00BD0000
unkown
page read and write
284001C4000
direct allocation
page read and write
212903D7000
unclassified section
page read and write
280007A4000
direct allocation
page read and write
2128C1B7000
heap
page read and write
A100007C000
direct allocation
page read and write
212885E0000
trusted library allocation
page read and write
28402038000
direct allocation
page read and write
2128FB0C000
heap
page read and write
20C71702000
heap
page read and write
28400288000
direct allocation
page read and write
461C000E8000
trusted library allocation
page read and write
461C00020000
trusted library allocation
page read and write
3FCE000
stack
page read and write
280004A4000
direct allocation
page read and write
21290510000
unclassified section
page read and write
28401F24000
direct allocation
page read and write
CDED5FB000
stack
page read and write
5B2000284000
trusted library allocation
page read and write
28000658000
direct allocation
page read and write
461C00254000
trusted library allocation
page read and write
4275000
heap
page read and write
46E000098000
direct allocation
page read and write
28401498000
direct allocation
page read and write
284019AC000
direct allocation
page read and write
28401B48000
direct allocation
page read and write
4105000
heap
page read and write
A1000028000
direct allocation
page read and write
5575000
heap
page read and write
2128FA50000
heap
page read and write
3D75000
heap
page read and write
2128B0B0000
heap
page read and write
28400840000
direct allocation
page read and write
212905B1000
unclassified section
page read and write
937000
trusted library allocation
page execute and read and write
28401E94000
direct allocation
page read and write
5B2000398000
trusted library allocation
page read and write
CD927FC000
stack
page read and write
2128FB10000
heap
page read and write
28402230000
direct allocation
page read and write
20C71560000
heap
page readonly
CDFDDFE000
unkown
page readonly
461C00074000
trusted library allocation
page read and write
4454000
heap
page read and write
4210000
heap
page read and write
2840003C000
direct allocation
page read and write
4B46000
trusted library allocation
page read and write
CD8BFFE000
unkown
page readonly
28000634000
direct allocation
page read and write
28401F10000
direct allocation
page read and write
284008B8000
direct allocation
page read and write
2128FA7A000
heap
page read and write
28401E14000
direct allocation
page read and write
A1000048000
direct allocation
page read and write
28401698000
direct allocation
page read and write
6D5C00217000
direct allocation
page read and write
53D5000
heap
page read and write
21291C21000
heap
page read and write
2128FA6F000
heap
page read and write
284015C8000
direct allocation
page read and write
CDF6DFE000
unkown
page readonly
CD8CFFE000
unkown
page readonly
CDEFDFE000
unkown
page readonly
40A5000
heap
page read and write
28400544000
direct allocation
page read and write
461C00230000
trusted library allocation
page read and write
2128FAD0000
heap
page read and write
20C7169D000
heap
page read and write
28400D30000
direct allocation
page read and write
21288513000
heap
page read and write
2840176C000
direct allocation
page read and write
CDF65FE000
stack
page read and write
477A000
heap
page read and write
28400C8C000
direct allocation
page read and write
28400280000
direct allocation
page read and write
212903F7000
unclassified section
page read and write
2840168C000
direct allocation
page read and write
478C000
heap
page read and write
2800003C000
direct allocation
page read and write
5B2000201000
trusted library allocation
page read and write
2128FA3C000
heap
page read and write
319F000
stack
page read and write
6D5C00274000
direct allocation
page read and write
CC0000
heap
page execute and read and write
28400270000
direct allocation
page read and write
28400F98000
direct allocation
page read and write
28400878000
direct allocation
page read and write
21291C76000
heap
page read and write
CDFE5FB000
stack
page read and write
28000698000
direct allocation
page read and write
5BEE9FE000
unkown
page readonly
795C002B8000
trusted library allocation
page read and write
2128ABB0000
unkown
page read and write
212904A0000
unclassified section
page read and write
2128BBC0000
heap
page read and write
20C73556000
heap
page read and write
429A000
heap
page read and write
20C73413000
heap
page read and write
2128BB90000
heap
page read and write
28400EB8000
direct allocation
page read and write
28401AD8000
direct allocation
page read and write
5BDA1FC000
stack
page read and write
280000C7000
direct allocation
page read and write
795C002A8000
trusted library allocation
page read and write
284009B4000
direct allocation
page read and write
5BDD1FE000
stack
page read and write
5BD29FE000
unkown
page readonly
4986000
heap
page read and write
280004D4000
direct allocation
page read and write
28401724000
direct allocation
page read and write
212909E0000
unclassified section
page read and write
3D39000
heap
page read and write
28401E18000
direct allocation
page read and write
2128F9ED000
heap
page read and write
461C00224000
trusted library allocation
page read and write
2840119C000
direct allocation
page read and write
28400154000
direct allocation
page read and write
4012000
heap
page read and write
20C73528000
heap
page read and write
28402144000
direct allocation
page read and write
2DCE000
stack
page read and write
CD8C7FD000
stack
page read and write
20C716EA000
heap
page read and write
986000
trusted library allocation
page read and write
795C00294000
trusted library allocation
page read and write
284001D0000
direct allocation
page read and write
6D5C002D8000
direct allocation
page read and write
5B2000388000
trusted library allocation
page read and write
28401AC4000
direct allocation
page read and write
2128FA2B000
heap
page read and write
28401804000
direct allocation
page read and write
6D5C002AC000
direct allocation
page read and write
43FC000
heap
page read and write
28401418000
direct allocation
page read and write
212904BD000
unclassified section
page read and write
28401EAC000
direct allocation
page read and write
28400048000
direct allocation
page read and write
461C00220000
trusted library allocation
page read and write
28000574000
direct allocation
page read and write
280004B9000
direct allocation
page read and write
284021A4000
direct allocation
page read and write
2128FA3C000
heap
page read and write
795C00210000
trusted library allocation
page read and write
3C80000
heap
page read and write
461C002D4000
trusted library allocation
page read and write
2128FA13000
heap
page read and write
28400100000
direct allocation
page read and write
20C71659000
heap
page read and write
A1000078000
direct allocation
page read and write
461C00274000
trusted library allocation
page read and write
284021C8000
direct allocation
page read and write
46E00002C000
direct allocation
page read and write
795C002C8000
trusted library allocation
page read and write
795C002E4000
trusted library allocation
page read and write
4456000
heap
page read and write
28402158000
direct allocation
page read and write
461C0024C000
trusted library allocation
page read and write
5B20002A4000
trusted library allocation
page read and write
2128FA43000
heap
page read and write
2128FA3C000
heap
page read and write
9B7000
heap
page read and write
4403000
heap
page read and write
CD8F7FC000
stack
page read and write
481D000
heap
page read and write
28000050000
direct allocation
page read and write
28400308000
direct allocation
page read and write
212884A0000
heap
page read and write
2840161C000
direct allocation
page read and write
29FE000
unkown
page read and write
2128BBB3000
heap
page read and write
28401A68000
direct allocation
page read and write
31FF000
stack
page read and write
53FF000
heap
page read and write
28401680000
direct allocation
page read and write
5BDF1FE000
stack
page read and write
461C000D8000
trusted library allocation
page read and write
461C000AD000
trusted library allocation
page read and write
21291C63000
heap
page read and write
2128FAD0000
heap
page read and write
20C716EA000
heap
page read and write
2128C050000
unclassified section
page read and write
28000088000
direct allocation
page read and write
28400520000
direct allocation
page read and write
20C73562000
heap
page read and write
CDE55ED000
stack
page read and write
4B55000
trusted library allocation
page read and write
CD85FFE000
unkown
page readonly
28401B24000
direct allocation
page read and write
2128F9D3000
heap
page read and write
A10000F7000
direct allocation
page read and write
5BE01FE000
stack
page read and write
280004DC000
direct allocation
page read and write
40B5000
heap
page read and write
6D5C0024C000
direct allocation
page read and write
28400994000
direct allocation
page read and write
21291C21000
heap
page read and write
2128FA43000
heap
page read and write
21291C21000
heap
page read and write
CD857FE000
stack
page read and write
4212000
heap
page read and write
2128FA2C000
heap
page read and write
28401050000
direct allocation
page read and write
2128C1C3000
heap
page read and write
2128FA62000
heap
page read and write
28401679000
direct allocation
page read and write
5BE89FE000
unkown
page readonly
CD877FE000
stack
page read and write
A10000C8000
direct allocation
page read and write
461C00248000
trusted library allocation
page read and write
CD84FFE000
unkown
page readonly
284016B4000
direct allocation
page read and write
28400AB0000
direct allocation
page read and write
28000401000
direct allocation
page read and write
CDE8DFE000
unkown
page readonly
2128C21B000
heap
page read and write
CD89FFE000
unkown
page readonly
212904D1000
unclassified section
page read and write
2128FB0C000
heap
page read and write
B8F000
stack
page read and write
CDFD5FB000
stack
page read and write
28401704000
direct allocation
page read and write