Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

TEDGRQXB.exe

PE32 executable (console) Intel 80386, for MS Windows

initial sample

C:\ProgramData\9h4wb\26fuaa

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\ProgramData\9h4wb\3e3op8qim

SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\9h4wb\7yc2no

SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\9h4wb\8qiekn

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9

dropped

C:\ProgramData\9h4wb\8ymym7

SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5

dropped

C:\ProgramData\9h4wb\jmyu37

SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2

dropped

C:\ProgramData\9h4wb\m79rq1vs0

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\9h4wb\phlfc2

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1

dropped

C:\ProgramData\9h4wb\srq16p

ASCII text, with very long lines (1743), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\04cf934f-43a1-4920-bca3-7be215d55d0e.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1278c174-9ed9-4795-b713-45013a867b78.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\630a5dc1-55ad-46f0-af24-854f9d85dbd3.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\706b18e4-09f8-4a5e-87f8-e3c69f8aa190.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\89f65ad3-5dcd-4ee1-a55e-f4cadea2dde0.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\944acee9-1da9-4d14-9009-c7dc209cde6f.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\99f65b82-5a2f-456e-867c-5b61ab68ee00.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\7647adaa-bf39-4667-8cbe-098123195135.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D0C077-166C.pma

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D0C079-1724.pma

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3c3b62b9-f4d9-47a0-9ee1-75700c134aaa.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp

ASCII text, with very long lines (1597), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\66cef836-93f4-47f8-965a-b367599f781c.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6bd505b7-257d-48f9-a440-fcf49bf5d4ab.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\716ccb25-ce9b-4f69-86ad-10c1fa438996.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85b456ba-9dc5-4f7a-a813-b1c5a705c06a.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9fd375bb-f043-4fd4-8e0c-9ec6429e2f89.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

ASCII text, with very long lines (1597), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0bf4adb5-2749-4c8b-9b76-4bd9144d15a6.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\51e2ff17-2e06-442f-a53a-c5584178553d.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6890fd13-ae10-4928-92e7-ee2b650fbbcd.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\927ec045-9fee-42ba-8bbd-12e8c433db66.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF37f62.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2fc09.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF30fa1.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bfbd64ec-0393-4388-bc2e-e8cd51a39368.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e742f1d4-1759-439c-8aa4-445877a6abce.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34538.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF383a8.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f8d8.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF33692.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

OpenPGP Secret Key

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF38713.TMP (copy)

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386207612803099

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\58c4e4de-e42b-4c61-a272-19564d41a563.tmp

JSON data

modified

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7ded52aa-f952-4197-b337-45ab9a70fbb8.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\849fce4f-0cdb-42a3-a952-05af0ca63bc6.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF37f62.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF30fa1.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c2e0b87a-50ee-4d82-970a-05efe1cf70d8.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f1bfdcf1-9168-477d-85f0-7adf86a9f25d.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 11

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ab9b5941-4b1b-4c2b-ab09-b565fd657d14.tmp

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

ASCII text, with very long lines (3951), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d54a70c9-ac0c-4ff6-b1d8-75a4a2db65e4.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

SQLite Write-Ahead Log, version 3007000

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

ASCII text

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e4b9.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e4f7.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e804.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30e97.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3372e.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3f7fd.TMP (copy)

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_0

FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_2

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_3

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\index

FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

raw G3 (Group 3) FAX, byte-padded

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

JSON data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\09c4a00e-5719-4bd2-830d-92c1793fa7e4.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\0acf737c-9f6a-4d32-8ec9-052ff7946f88.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\0e67150d-93ce-4aff-a1dc-c8dc0930ca8f.tmp

very short file (no magic)

dropped

C:\Users\user\AppData\Local\Temp\24d95951-5357-470d-8393-33cef6fbdba6.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\5956e5d8-b2bf-463b-a9da-319506b568a0.tmp

JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3

dropped

C:\Users\user\AppData\Local\Temp\7f5e4730-c216-49d6-9560-c8e9772d171a.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902

dropped

C:\Users\user\AppData\Local\Temp\8e7a1141-d783-4c6f-a5c7-65ab1f7b15aa.tmp

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3

dropped

C:\Users\user\AppData\Local\Temp\cv_debug.log

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_1850008060\09c4a00e-5719-4bd2-830d-92c1793fa7e4.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_1850008060\CRX_INSTALL\_metadata\verified_contents.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_1850008060\CRX_INSTALL\content.js

Unicode text, UTF-8 text, with very long lines (8031), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_1850008060\CRX_INSTALL\content_new.js

Unicode text, UTF-8 text, with very long lines (8604), with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_1850008060\CRX_INSTALL\manifest.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\24d95951-5357-470d-8393-33cef6fbdba6.tmp

Google Chrome extension, version 3

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\128.png

PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\af\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\am\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ar\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\az\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\be\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\bg\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\bn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ca\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\cs\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\cy\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\da\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\de\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\el\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\en\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\en_CA\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\en_GB\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\en_US\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\es\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\es_419\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\et\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\eu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\fa\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\fi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\fil\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\fr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\fr_CA\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\gl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\gu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\hi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\hr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\hu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\hy\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\id\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\is\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\it\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\iw\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ja\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ka\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\kk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\km\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\kn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ko\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\lo\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\lt\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\lv\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ml\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\mn\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\mr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ms\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\my\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ne\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\nl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\no\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\pa\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\pl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\pt_BR\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\pt_PT\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ro\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ru\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\si\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\sk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\sl\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\sr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\sv\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\sw\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ta\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\te\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\th\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\tr\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\uk\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\ur\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\vi\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\zh_CN\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\zh_HK\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\zh_TW\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_locales\zu\messages.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\_metadata\verified_contents.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\dasherSettingSchema.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\manifest.json

JSON data

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\offscreendocument.html

HTML document, ASCII text

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\offscreendocument_main.js

ASCII text, with very long lines (4882)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\page_embed_script.js

ASCII text, with very long lines (337)

dropped

C:\Users\user\AppData\Local\Temp\scoped_dir5924_378114928\CRX_INSTALL\service_worker_bin_prod.js

ASCII text, with very long lines (4884)

dropped

Chrome Cache Entry: 475

ASCII text

downloaded

Chrome Cache Entry: 476

ASCII text, with very long lines (65531)

downloaded

Chrome Cache Entry: 477

ASCII text, with very long lines (882)

downloaded

There are 257 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\TEDGRQXB.exe

"C:\Users\user\Desktop\TEDGRQXB.exe"

C:\Users\user\Desktop\TEDGRQXB.exe

"C:\Users\user\Desktop\TEDGRQXB.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=268 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2284,i,1465142929615344142,2036732362950933187,262144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=4528 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4732 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\9h4wb" & exit

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\timeout.exe

timeout /t 11

There are 6 hidden processes, click here to show them.

URLs

Name

Malicious

https://mail.google.com/mail/?usp=installed_webapp

unknown

https://duckduckgo.com/ac/?q=

unknown

https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing

unknown

https://permanently-removed.invalid/oauth2/v2/tokeninfo

unknown

https://support.google.com/chrome/answer/6098869

unknown

https://ntp.msn.com/0

unknown

https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b

unknown

https://docs.google.com/document/J

unknown

https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone

unknown

https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.

unknown

https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/

unknown

https://deff.nelreports.net/api/report?cat=msn

unknown

https://ntp.msn.cn/edge/ntp

unknown

https://logly.co.jp

unknown

https://support.google.com/chrome?p=desktop_tab_groups

unknown

http://dns-tunnel-check.googlezip.net/connect

unknown

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741734024362&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true

104.208.16.92

https://docs.google.com/

unknown

https://docs.google.com/document/:

unknown

https://mail.google.com/chat/

unknown

https://www.instagram.com

unknown

https://dreammail.jp

unknown

https://jkforum.net

unknown

http://unisolated.invalid/

unknown

https://a-mo.net

unknown

https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl

unknown

https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531

204.79.197.203

https://www.google.com/chrome/tips/

unknown

https://drive.google.com/?lfhs=2

unknown

https://duckduckgo.com/chrome_newtabv209h

unknown

https://ogs.google.com/widget/callout?eom=1

unknown

https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge

unknown

http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)

unknown

https://outlook.office.com/mail/compose?isExtension=true

unknown

https://audienceproject.com

unknown

https://verve.com

unknown

https://i.y.qq.com/n2/m/index.html

unknown

https://www.deezer.com/

unknown

https://www.youtube.com/?feature=ytca

unknown

https://www.google.com/chrome/browser-tools/

unknown

https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonep

unknown

https://csp.withgoogle.com/csp/gws/cdt1rj

unknown

https://docs.google.com/document/u/0/create?usp=chrome_actions

unknown

https://web.telegram.org/

unknown

https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.cb5d86730a0bdbdd55a4.js

23.209.72.39

https://permanently-removed.invalid/oauth2/v4/token

unknown

https://bluems.com

unknown

https://docs.google.com/presentation/

unknown

https://chrome.google.com/webstore

unknown

https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true

204.79.197.203

https://atomex.net

unknown

https://cdnjs.cloudflare.com/ajax/libs/mathjax/

unknown

https://drive-daily-2.corp.google.com/

unknown

https://rubiconproject.com

unknown

https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview

unknown

https://sitescout.com

unknown

https://unitedstates1.ss.wd.microsoft.us/

unknown

https://apex-football.com

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true

204.79.197.203

https://usemax.de

unknown

https://mail.google.com/chat/download?usp=chrome_defaulttor

unknown

https://drive-daily-1.corp.google.com/

unknown

https://excel.new?from=EdgeM365Shoreline

unknown

https://www.youtube.com/

unknown

https://drive-daily-5.corp.google.com/

unknown

https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions

unknown

https://eloan.co.jp

unknown

https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy

unknown

https://docs.google.com/spreadsheets/

unknown

https://postrelease.com

unknown

104.208.16.92

https://permanently-removed.invalid/chrome/blank.html

unknown

https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl

unknown

https://c.msn.com/c.gif?rnd=1741734024364&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ab55e306178a4260b140085018ad5fe9&activityId=ab55e306178a4260b140085018ad5fe9&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=AAB9671B094F4742986999F2EC91D080&MUID=390BF5B215C66C813DC9E01E14F96DFA

20.110.205.119

https://permanently-removed.invalid/v1/issuetoken

unknown

https://shared-storage-demo-publisher-a.web.app

unknown

https://assets.msn.com/statics/icons/favicon_newtabpage.png

23.209.72.39

https://m.google.com/devicemanagement/data/api

unknown

https://permanently-removed.invalid/reauth/v1beta/users/

unknown

https://docs.google.com/presentation/u/0/create?usp=chrome_actions

unknown

https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.c1f2f2c818c03b7d76c6.js

23.209.72.39

https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref

unknown

https://chromewebstore.google.com/

unknown

https://demand.supply

unknown

https://drive-preprod.corp.google.com/

unknown

https://srtb.msn.cn/

unknown

https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477

unknown

https://nexxen.tech

unknown

104.208.16.92

https://chrome.google.com/webstore/

unknown

104.208.16.92

https://assets.msn.cn/resolver/

unknown

https://clients4.google.com/chrome-sync

unknown

https://gemini.google.com/app?q=

unknown

https://undertone.com

unknown

https://browser.events.data.msn.com/

unknown

https://creative-serving.com

unknown

https://permanently-removed.invalid/RotateBoundCookies

unknown

https://t.me/g_etcontent

149.154.167.99

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

t.formaxprime.co.uk

78.47.63.132

chrome.cloudflare-dns.com

162.159.61.3

a416.dscd.akamai.net

2.22.242.11

t.me

149.154.167.99

a-0003.a-msedge.net

204.79.197.203

www.google.com

142.250.184.196

googlehosted.l.googleusercontent.com

142.250.185.225

clients2.googleusercontent.com

unknown

bzib.nelreports.net

unknown

ntp.msn.com

unknown

IPs

Domain

Country

Malicious

78.47.63.132

t.formaxprime.co.uk

Germany

192.168.2.5

unknown

23.44.201.15

unknown

United States

23.200.0.151

unknown

United States

192.168.2.16

unknown

2.22.242.11

a416.dscd.akamai.net

European Union

23.219.82.97

unknown

United States

149.154.167.99

t.me

United Kingdom

192.168.2.6

unknown

142.250.185.225

googlehosted.l.googleusercontent.com

United States

162.159.61.3

chrome.cloudflare-dns.com

United States

104.208.16.92

unknown

United States

23.209.72.39

unknown

United States

18.164.124.98

unknown

United States

20.110.205.119

unknown

United States

204.79.197.219

unknown

United States

92.123.104.33

unknown

European Union

142.250.184.196

www.google.com

United States

23.219.82.49

unknown

United States

23.219.82.88

unknown

United States

239.255.255.250

unknown

Reserved

127.0.0.1

unknown

204.79.197.203

a-0003.a-msedge.net

United States

There are 13 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB

Left

HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB

Top

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

freseenversion

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

freseen

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults

is_dse_recommended

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults

is_startup_page_recommended

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\917612

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds

EdgeMUID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default

MUID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahfgeienlihckogmohjhadlkjgocpleb

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ahokoikenoafgppiblgpenaaaolecifn

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bhmhibnbialendcafinliemndanacfaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

bobbggphonhgdonfdibkfipfepfcildj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ceaifoolopnigfpidlheoagpheiplgii

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

cjneempfhkonkkbcmnfdibgobmhbagaj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dabfebgaghanlbehmkmaflipiohdimmc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dcaajljecejllikfgbhjdgeognacjkkp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dgiklkfkllikcanfonkcabmbdfmgleag

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

dmbljphlfghcnbohaoffiedmodfmkmol

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ehlmnljdoejdahfjdfobmpfancoibmig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

eijpepilkjkofamihbmjcnihgpbebafj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

enkoeamdnimieoooocohgbdajhhkajko

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fikbjbembnmfhppjfnmfkahdhfohhjmg

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

fjngpfnaikknjdhkckmncgicobbkcnle

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbihlnbpmfkodghomcinpblknjhneknc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gbmoeijgfngecijpcnbooedokgafmmji

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gecfnmoodchdkebjjffmdcmeghkflpib

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

gekagaaiohabmaknhkbaofhhedhelemf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghbmnnjooekpmoecnnnilnnbdlolhkhi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ghglcnachgghkhbafjogogiggghcpjig

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hciemgmhplhpinoohcjpafmncmjapioh

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hloomjjkinpbjldhobfkfdamkmikjmdo

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

hmlhageoffiiefnmojcgoagebofoifpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

iglcjdemknebjbklcgkfaebgojjphkec

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ihmafllikibpmigkcoadcmckbfhibefp

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jbleckejnaboogigodiafflhkajdmpcl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jdiccldimpdaibmpdkjnbmckianbfold

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jlipacegilfgfpgkefbjcncbfcoeecgj

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jmjflgjpcpepeafmmgdpfkogkghcpiha

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

jpfjdekhebcolnfkpicpciaknbgcdcbm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kfihiegbjaloebkmglnjnljoljgkkchm

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

khffkadolmfbdgahbabbhipadklfmhgf

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kjncpkplfnolibapodobnnjfgmjmiaba

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kkobcodijbdelbnhbfkkfncbeildnpie

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

kmojgmpmopiiagdfbilgognmlegkonbk

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

mhjfbmdgcfjbbpaeojofohoefgiehjai

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ncbjelpjchkpbikbpkcchkhkblodoama

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkbndigcebkoaejohleckhekfmcecfja

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nkeimhogjdpnpccoofpliimaahmaaome

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

nnpnekncnhiglbokoiffmejlimgmgoam

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ofefcgjbeghpigppfmkologfjadafddi

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olkdlefmaniacnmgofabnpmomgcpdaip

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

olmhchkiafniffcaiciiomfdplnmklak

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

pencekojiebcjhifbkfdncgmmooepclc

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings

ppnnjfpaneghjbcepgedmlcgmfgkjhah

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty

StatusCodes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics

user_experience_metrics.stability.exited_cleanly

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

media.cdm.origin_data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.reporting

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

media.storage_id_salt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_startup_urls

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.prompt_wave

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.account_id

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.prompt_seed

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_homepage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.last_username

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

default_search_provider_data.template_url_data

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

safebrowsing.incidents_sent

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

pinned_tabs

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

search_provider_overrides

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

edge.services.last_account_id

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

software_reporter.prompt_version

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

session.startup_urls

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

session.restore_on_startup

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

settings_reset_prompt.last_triggered_for_default_search

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

prefs.preference_reset_time

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

browser.show_home_button

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

homepage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default

homepage_is_newtabpage

HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}

lastrun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\917612

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\917612

WindowTabManagerFileMappingId

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon

state

There are 91 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

1284000

heap

page read and write

1236000

heap

page read and write

1234000

heap

page read and write

1236000

heap

page read and write

127F000

heap

page read and write

E4033BC000

direct allocation

page read and write

54B40048D000

trusted library allocation

page read and write

3C2DFE000

unkown

page readonly

3A3C3FA000

stack

page read and write

E4025E0000

direct allocation

page read and write

E402204000

direct allocation

page read and write

21E8000B8000

direct allocation

page read and write

E402450000

direct allocation

page read and write

10B7000

heap

page read and write

20BC4BC0000

unclassified section

page read and write

16028CC7000

heap

page read and write

E403B8C000

direct allocation

page read and write

47E800260000

direct allocation

page read and write

E4039D0000

direct allocation

page read and write

3A563FC000

stack

page read and write

7C0000C8000

direct allocation

page read and write

54B4002E0000

trusted library allocation

page read and write

20BC2507000

heap

page read and write

41F0000

heap

page read and write

4861000

heap

page read and write

553B000

heap

page read and write

3B3DFE000

unkown

page readonly

E402E01000

direct allocation

page read and write

3A32BFE000

unkown

page readonly

E403610000

direct allocation

page read and write

E402584000

direct allocation

page read and write

E0005C8000

direct allocation

page read and write

5430000

heap

page read and write

E402720000

direct allocation

page read and write

20BBFC28000

heap

page read and write

E4031E0000

direct allocation

page read and write

54B4002B0000

trusted library allocation

page read and write

E403884000

direct allocation

page read and write

E403868000

direct allocation

page read and write

E000610000

direct allocation

page read and write

439B000

heap

page read and write

3A5F3FD000

stack

page read and write

E4040BC000

direct allocation

page read and write

E4024E8000

direct allocation

page read and write

E4023D4000

direct allocation

page read and write

20BC3D30000

unclassified section

page read and write

3B65FE000

stack

page read and write

3A573FC000

stack

page read and write

43DD000

heap

page read and write

41FA000

heap

page read and write

54B4001F8000

trusted library allocation

page read and write

20BC25FD000

heap

page read and write

4D0E000

heap

page read and write

10B7000

heap

page read and write

122F000

heap

page read and write

54B400001000

trusted library allocation

page read and write

20BC25FE000

heap

page read and write

E402384000

direct allocation

page read and write

47280032C000

trusted library allocation

page read and write

E402258000

direct allocation

page read and write

21E8000C0000

direct allocation

page read and write

E403D14000

direct allocation

page read and write

47280031C000

trusted library allocation

page read and write

16028C13000

heap

page read and write

47E8002E0000

direct allocation

page read and write

7DB4002A8000

trusted library allocation

page read and write

E403D54000

direct allocation

page read and write

5466000

heap

page read and write

E000504000

direct allocation

page read and write

7DB400260000

trusted library allocation

page read and write

20BC257E000

heap

page read and write

2F20000

heap

page read and write

54B400280000

trusted library allocation

page read and write

E00047C000

direct allocation

page read and write

472800404000

trusted library allocation

page read and write

E000218000

direct allocation

page read and write

40AD000

heap

page read and write

E0004AC000

direct allocation

page read and write

424C000

heap

page read and write

E4034A8000

direct allocation

page read and write

54B4003D0000

trusted library allocation

page read and write

E403520000

direct allocation

page read and write

E00016D000

direct allocation

page read and write

20BBFE80000

heap

page read and write

7C000048000

direct allocation

page read and write

5371000

heap

page read and write

20BC2477000

unclassified section

page read and write

3BCDFE000

unkown

page readonly

3A43BFE000

unkown

page readonly

20BC02BE000

heap

page read and write

20BC2347000

unclassified section

page read and write

E403E01000

direct allocation

page read and write

3A4EBFE000

unkown

page readonly

20BC25DE000

heap

page read and write

3C65FE000

stack

page read and write

428C000

heap

page read and write

20BC2687000

heap

page read and write

3A4F3FC000

stack

page read and write

E0005C4000

direct allocation

page read and write

E403639000

direct allocation

page read and write

3A4E3FD000

stack

page read and write

54B400140000

trusted library allocation

page read and write

20BC0311000

heap

page read and write

20BC2594000

heap

page read and write

128B000

heap

page read and write

20BBC690000

trusted library allocation

page read and write

E40364C000

direct allocation

page read and write

20BC2687000

heap

page read and write

21E80002C000

direct allocation

page read and write

E0005A8000

direct allocation

page read and write

123A000

heap

page read and write

E403C94000

direct allocation

page read and write

20BC3EC0000

unclassified section

page read and write

20BC4230000

heap

page read and write

E402584000

direct allocation

page read and write

E4024DC000

direct allocation

page read and write

1602AB32000

heap

page read and write

E40304D000

direct allocation

page read and write

54B40016C000

trusted library allocation

page read and write

16028D2B000

heap

page read and write

E000070000

direct allocation

page read and write

E30000

unkown

page readonly

E30000

unkown

page readonly

1602AB4A000

heap

page read and write

20BC25D2000

heap

page read and write

20BC2681000

heap

page read and write

20BC262F000

heap

page read and write

1277000

heap

page read and write

54B400078000

trusted library allocation

page read and write

3B35FE000

stack

page read and write

E403868000

direct allocation

page read and write

20BC2681000

heap

page read and write

ECD000

unkown

page write copy

E402970000

direct allocation

page read and write

20BBC54E000

heap

page read and write

20BC2594000

heap

page read and write

283C000

heap

page read and write

54B40000C000

trusted library allocation

page read and write

E403B4C000

direct allocation

page read and write

E402434000

direct allocation

page read and write

3B01000

heap

page read and write

3C05FE000

stack

page read and write

3A45BFE000

unkown

page readonly

E00055C000

direct allocation

page read and write

20BC3F20000

unclassified section

page read and write

4091000

heap

page read and write

20BC4DE0000

unclassified section

page read and write

3B01000

heap

page read and write

7DB400235000

trusted library allocation

page read and write

7DB4002A0000

trusted library allocation

page read and write

E402778000

direct allocation

page read and write

E403374000

direct allocation

page read and write

E40385C000

direct allocation

page read and write

4DC3000

heap

page read and write

E4035B0000

direct allocation

page read and write

E403401000

direct allocation

page read and write

20BBC460000

heap

page read and write

E40358C000

direct allocation

page read and write

20BC263A000

heap

page read and write

20BC24A0000

heap

page read and write

3A34BFE000

unkown

page readonly

47E800210000

direct allocation

page read and write

1602AB32000

heap

page read and write

3A48BFE000

unkown

page readonly

E40233C000

direct allocation

page read and write

54B4002B0000

trusted library allocation

page read and write

20BBFC14000

heap

page read and write

E4024DC000

direct allocation

page read and write

20BBC574000

heap

page read and write

54B400270000

trusted library allocation

page read and write

20BC2627000

heap

page read and write

20BC2537000

heap

page read and write

E402438000

direct allocation

page read and write

E403388000

direct allocation

page read and write

E402754000

direct allocation

page read and write

54B4003D0000

trusted library allocation

page read and write

4390000

heap

page read and write

54B40028C000

trusted library allocation

page read and write

4079000

heap

page read and write

E000164000

direct allocation

page read and write

54B400030000

trusted library allocation

page read and write

54B400264000

trusted library allocation

page read and write

54B40029C000

trusted library allocation

page read and write

16028D58000

heap

page read and write

47280025C000

trusted library allocation

page read and write

20BBFC29000

heap

page read and write

E000144000

direct allocation

page read and write

E403B58000

direct allocation

page read and write

3A433FE000

stack

page read and write

E4024CC000

direct allocation

page read and write

4070000

heap

page read and write

E403AB8000

direct allocation

page read and write

1602AB92000

heap

page read and write

102F000

stack

page read and write

E40353C000

direct allocation

page read and write

20BC25FD000

heap

page read and write

C0F000

stack

page read and write

E403964000

direct allocation

page read and write

7C000044000

direct allocation

page read and write

54B400390000

trusted library allocation

page read and write

E402AD4000

direct allocation

page read and write

406C000

heap

page read and write

E4038EC000

direct allocation

page read and write

E402500000

direct allocation

page read and write

7DB4002B4000

trusted library allocation

page read and write

20BC24A2000

heap

page read and write

E40269E000

direct allocation

page read and write

4285000

heap

page read and write

1602AB0D000

heap

page read and write

101C000

stack

page read and write

E000004000

direct allocation

page read and write

7C000018000

direct allocation

page read and write

20BC02B9000

heap

page read and write

1602AB32000

heap

page read and write

E4022FB000

direct allocation

page read and write

54B400300000

trusted library allocation

page read and write

E4023AC000

direct allocation

page read and write

16028C7C000

heap

page read and write

E403C01000

direct allocation

page read and write

20BC0230000

heap

page read and write

4232000

heap

page read and write

E4034F8000

direct allocation

page read and write

7DB400220000

trusted library allocation

page read and write

21E80008C000

direct allocation

page read and write

E000478000

direct allocation

page read and write

20BC24D5000

heap

page read and write

47E8002D8000

direct allocation

page read and write

47280032C000

trusted library allocation

page read and write

4072000

heap

page read and write

3C85FE000

stack

page read and write

E40309C000

direct allocation

page read and write

E402638000

direct allocation

page read and write

E404080000

direct allocation

page read and write

E40327C000

direct allocation

page read and write

3C00000

trusted library allocation

page read and write

20BC2577000

heap

page read and write

47E800294000

direct allocation

page read and write

47E8002EC000

direct allocation

page read and write

4683000

heap

page read and write

E40241C000

direct allocation

page read and write

E402CD0000

direct allocation

page read and write

20BC2681000

heap

page read and write

3A4DBFE000

unkown

page readonly

E402401000

direct allocation

page read and write

249D000

stack

page read and write

20BC4DF1000

unclassified section

page read and write

21E8000A8000

direct allocation

page read and write

1602AA02000

heap

page read and write

54B40026C000

trusted library allocation

page read and write

16028CA2000

heap

page read and write

47E8002D0000

direct allocation

page read and write

E402EBC000

direct allocation

page read and write

E403C84000

direct allocation

page read and write

20BC2687000

heap

page read and write

E00059C000

direct allocation

page read and write

E000204000

direct allocation

page read and write

54B400110000

trusted library allocation

page read and write

EC8000

unkown

page readonly

E4022C4000

direct allocation

page read and write

20BC4441000

unclassified section

page read and write

4728002A4000

trusted library allocation

page read and write

E402580000

direct allocation

page read and write

13C0000

trusted library allocation

page read and write

E403794000

direct allocation

page read and write

E402404000

direct allocation

page read and write

54B40040D000

trusted library allocation

page read and write

16028CE3000

heap

page read and write

3C15FE000

stack

page read and write

E403641000

direct allocation

page read and write

3FF4000

heap

page read and write

3A25F3000

stack

page read and write

16028AF0000

heap

page read and write

2D02000

heap

page read and write

3B55FE000

stack

page read and write

20BC46E7000

unclassified section

page read and write

20BC2130000

unclassified section

page read and write

7DB400250000

trusted library allocation

page read and write

E404088000

direct allocation

page read and write

472800284000

trusted library allocation

page read and write

20BC3E61000

unclassified section

page read and write

16028BF0000

heap

page readonly

E403C2C000

direct allocation

page read and write

21E800054000

direct allocation

page read and write

E40338B000

direct allocation

page read and write

E403668000

direct allocation

page read and write

3A40BFE000

unkown

page readonly

21E800080000

direct allocation

page read and write

E40359C000

direct allocation

page read and write

20BC3F31000

unclassified section

page read and write

3A613FD000

stack

page read and write

7C000104000

direct allocation

page read and write

20BC3D60000

unclassified section

page read and write

4252000

heap

page read and write

20BC2549000

heap

page read and write

21E800001000

direct allocation

page read and write

7DB4002D8000

trusted library allocation

page read and write

E402C28000

direct allocation

page read and write

3BADFE000

unkown

page readonly

4CA1000

heap

page read and write

54B400020000

trusted library allocation

page read and write

E402757000

direct allocation

page read and write

10A0000

heap

page read and write

20BBC490000

heap

page read and write

3A393FB000

stack

page read and write

54B400298000

trusted library allocation

page read and write

54B4002A4000

trusted library allocation

page read and write

E4027C8000

direct allocation

page read and write

54B400464000

trusted library allocation

page read and write

E000158000

direct allocation

page read and write

21E8000E8000

direct allocation

page read and write

E402D4C000

direct allocation

page read and write

20BC25D7000

heap

page read and write

7DB4002C8000

trusted library allocation

page read and write

E30000

unkown

page readonly

E00056C000

direct allocation

page read and write

425C000

heap

page read and write

4330000

heap

page read and write

E40233C000

direct allocation

page read and write

7C000008000

direct allocation

page read and write

7DB4002B4000

trusted library allocation

page read and write

E403330000

direct allocation

page read and write

E403478000

direct allocation

page read and write

20BBC4B0000

heap

page readonly

20BC41AD000

unclassified section

page read and write

E000474000

direct allocation

page read and write

21E800068000

direct allocation

page read and write

16028CC7000

heap

page read and write

E000548000

direct allocation

page read and write

7C00000F000

direct allocation

page read and write

E402E8C000

direct allocation

page read and write

4E38000

heap

page read and write

20BC257B000

heap

page read and write

43A3000

heap

page read and write

54B400401000

trusted library allocation

page read and write

20BBC7E5000

heap

page read and write

54B400234000

trusted library allocation

page read and write

E403480000

direct allocation

page read and write

13F0000

heap

page read and write

E402BE4000

direct allocation

page read and write

E404277000

direct allocation

page read and write

E40236C000

direct allocation

page read and write

159E000

stack

page read and write

47E8002D0000

direct allocation

page read and write

E4033C8000

direct allocation

page read and write

E402C54000

direct allocation

page read and write

20BC0311000

heap

page read and write

54B400230000

trusted library allocation

page read and write

20BC0260000

heap

page read and write

20BBFC16000

heap

page read and write

20BC25FD000

heap

page read and write

E402788000

direct allocation

page read and write

54B4003AC000

trusted library allocation

page read and write

20BC2594000

heap

page read and write

472800308000

trusted library allocation

page read and write

47E800303000

direct allocation

page read and write

E403100000

direct allocation

page read and write

20BC5B51000

heap

page read and write

54B40036C000

trusted library allocation

page read and write

E0000C7000

direct allocation

page read and write

4214000

heap

page read and write

472800220000

trusted library allocation

page read and write

20BC2550000

heap

page read and write

E4030D4000

direct allocation

page read and write

21E8000A8000

direct allocation

page read and write

E4026FC000

direct allocation

page read and write

E4025C0000

direct allocation

page read and write

1602A910000

heap

page read and write

3B01000

heap

page read and write

E402A5C000

direct allocation

page read and write

20BBFC1E000

heap

page read and write

E403778000

direct allocation

page read and write

20BC0248000

heap

page read and write

3A5E3FA000

stack

page read and write

48F9000

heap

page read and write

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
TEDGRQXB.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportTEDGRQXB.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
TEDGRQXB.exe