IOC Report
v7942.exe
Files

Each file below is listed as four fields, one per line: its path; the type string the sandbox recorded for it (a file(1)/libmagic signature match, so treat it as a hint rather than ground truth: the LevelDB MANIFEST-000001 files further down are misreported as "OpenPGP Secret Key"); its category (initial sample, dropped, or modified); and the flag "malicious" where the sandbox set it.

File Path
Type
Category
Malicious
v7942.exe
PE32+ executable (console) x86-64, for MS Windows
initial sample
malicious
:cat (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\ph4eu37qie.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
C:\ProgramData\xlng4w479r.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\zmgdjecba1.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\s9471[1].exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sss81242[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\l9543[1].exe
PE32+ executable (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\4TzoHWrzkq4Uuk1w.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\eKQjcS7RNcSarFuG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\4mfMnLLX\EJNNjjms8tHlPaG5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\BGHJJDGH
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, 1st free page 51, free pages 2, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\ProgramData\IEBAAFCAFCBKFHJJJKKF
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5566.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER55F3.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6690.tmp.dmp
Mini DuMP crash report, 14 streams, Sat Mar 15 12:57:18 2025, 0x1205a4 type
dropped
C:\ProgramData\f3ohl\5fctr1
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\f3ohl\6ppppz
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\f3ohl\8glx4o
SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\f3ohl\j5fk68
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\ProgramData\f3ohl\jw4wb168q
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\f3ohl\kfuaiwtjm
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\f3ohl\lf3ekn
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\ProgramData\f3ohl\lfknyc
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\f3ohl\tjmy5f
ASCII text, with very long lines (1743), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\28da428b-d546-49d7-8103-931bc693dbd8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2d45d068-14e1-48e8-bab6-b7049c31c4e5.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\88bfb3a0-1cd6-4a72-8412-1dc46e4828ab.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8e28f521-0703-407a-9b73-45d21c2e7336.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\977c011e-0359-44a6-9c13-a7f953d11684.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D57901-22CC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D57902-1360.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D5792F-4498.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\039120e7-a0d9-4158-9bab-87d080348b54.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0b21f0d8-ec09-4cb5-8da6-270886e81a99.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2a056fc0-e73d-4762-bf5f-4c86c4e50eb4.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7e429a73-999f-41dd-91c5-85b14f5006ab.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9fcb4662-556d-4189-862f-1d46afa5a7f0.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\033a06e9-af85-41d3-b48f-7c345b1fcf7c.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\433d6559-f9b6-48b3-ab13-2eaff96c237b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\972ab389-a26f-451e-ae48-9ce09aaeb90e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF26d37.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF27e8c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f680e750-b7c8-49aa-b89c-5130c99d7d34.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fcfc98af-6a34-4f62-953a-31e9d36362ff.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2a907.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e862.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2caf7.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2d392.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386516997995274
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\027ba15d-0745-4f49-96f2-8924eab11f66.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\9039475f-7649-41ce-a203-7cd9e040ba7f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF27e8c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e48a5c10-b69c-4df7-b61a-cccd37e931ad.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\fea7c41e-0438-4255-92eb-b06c2d1e3b2e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\a2312c36-f039-40fc-bab2-519a571d7310.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cf7eb033-6898-4a6c-b2e2-4fa8fad5b878.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d5c29b4d-568c-4ef6-a946-3243c7188e40.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25673.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF256d0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25c7e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF28320.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2aadc.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3101e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF31f22.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF322ac.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
raw G3 (Group 3) FAX, byte-padded
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a3bc0bc9-83dd-4ad7-b0fa-98e0850c16da.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b152009d-9210-4df1-8d8f-3a384d089a6a.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c9bdd8cf-be78-4eca-a7f6-4f713d0b64d1.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d6bece68-9039-46f3-88fc-5a1ce50a89b8.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\1e4046f2-9305-45f0-914c-b2bbbf57a0ae.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4bc08ede-7c4e-45bf-858a-08423d2ddad8.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\77ff2946-b86f-46b4-8594-58d8c2d5ec67.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\af068602-bd70-4ce8-8a27-471130382d17.tmp
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\bc034515-8d5d-4ff4-9b54-a1a122d319e4.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\fd6631f4-475a-4f36-be7b-cfe8f584b2af.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\77ff2946-b86f-46b4-8594-58d8c2d5ec67.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4882)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\page_embed_script.js
ASCII text, with very long lines (337)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_217465405\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4884)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_535082118\4bc08ede-7c4e-45bf-858a-08423d2ddad8.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_535082118\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_535082118\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_535082118\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir4960_535082118\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoogleChrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Hidden, Archive, ctime=Sat Mar 15 11:57:00 2025, mtime=Sat Mar 15 11:57:00 2025, atime=Sat Mar 15 11:57:00 2025, length=257536, window=hide
dropped
Chrome Cache Entry: 552
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 553
ASCII text
downloaded
Chrome Cache Entry: 554
ASCII text, with very long lines (2412)
downloaded
Chrome Cache Entry: 555
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 556
ASCII text, with very long lines (887)
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\v7942.exe
"C:\Users\user\Desktop\v7942.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2160,i,2848418510720088059,16608843499343941724,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2504 /prefetch:3
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2160,i,2848418510720088059,16608843499343941724,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5244 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2356,i,4967354887720745287,8533781015737576862,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2440,i,7459557275228332254,17977652345810778728,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6744 --field-trial-handle=2440,i,7459557275228332254,17977652345810778728,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2440,i,7459557275228332254,17977652345810778728,262144 /prefetch:8
malicious
C:\ProgramData\ph4eu37qie.exe
"C:\ProgramData\ph4eu37qie.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
malicious
C:\ProgramData\zmgdjecba1.exe
"C:\ProgramData\zmgdjecba1.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
malicious
C:\ProgramData\xlng4w479r.exe
"C:\ProgramData\xlng4w479r.exe"
malicious
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\eKQjcS7RNcSarFuG.exe
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\eKQjcS7RNcSarFuG.exe 0
malicious
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\4TzoHWrzkq4Uuk1w.exe
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\4TzoHWrzkq4Uuk1w.exe 8788
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\f3ohl" & exit
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,1823826932740669469,7503870437745622031,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2440 /prefetch:3
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2348,i,1823826932740669469,7503870437745622031,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5348 /prefetch:8
malicious
C:\Users\user\AppData\Local\Temp\0Ru0udcQ\eKQjcS7RNcSarFuG.exe
"C:\Users\user\AppData\Local\Temp\0Ru0udcQ\eKQjcS7RNcSarFuG.exe"
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 804
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\timeout.exe
timeout /t 11
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 644

URLs

Name
IP
Malicious
http://77.90.153.241/a07daa7aeaf96e14/sqlite3.dll
77.90.153.241
malicious
https://support.google.com/chrome/answer/6098869
unknown
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
unknown
https://permutive.app
unknown
http://anglebug.com/4633
unknown
https://anglebug.com/7382
unknown
https://docs.google.com/spreadsheets/?usp=installed_webapplidator
unknown
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
unknown
https://www.gstatic.cn/recaptcha/
unknown
https://steamcommunity.com/profiles/76561199822375128/inventory/
unknown
http://dns-tunnel-check.googlezip.net/connect
unknown
https://mail.google.com/chat/
unknown
https://www.youtube.com/s/notifications/manifest/cr_install.htmloot
unknown
http://unisolated.invalid/
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
204.79.197.203
https://ogs.google.com/widget/callout?eom=1
unknown
https://docs.google.com/spreadsheets/?usp=installed_webappefault
unknown
http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
unknown
https://www.youtube.com/s/notifications/manifest/cr_install.htmlndler
unknown
http://anglebug.com/6929
unknown
https://audienceproject.com
unknown
https://anglebug.com/7246
unknown
http://77.90.153.244/sss81242.exe
77.90.153.244
https://anglebug.com/7369
unknown
https://steamcommunity.com/profiles/76561199822375128
23.197.127.21
https://mail.google.com/chat/download?usp=chrome_defaultu
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
https://mail.google.com/chat/download?usp=chrome_defaults
unknown
https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
unknown
https://apex-football.com
unknown
https://issuetracker.google.com/161903006
unknown
https://shinobi.jp
unknown
https://lv.queniujq.cn
unknown
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
unknown
https://eloan.co.jp
unknown
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
unknown
https://postrelease.com
unknown
https://aqfer.com
unknown
https://google-ohttp-relay-query.fastly-edge.com/KAnonymityServiceJoinRelayServer
unknown
http://77.90.153.244/l9543.exeF
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
2.22.242.105
https://permanently-removed.invalid/v1/issuetoken
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1742043407324&w=0&anoncknm=app_anon&NoResponseBody=true
52.182.143.215
https://shared-storage-demo-publisher-a.web.app
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
2.22.242.97
http://anglebug.com/4722
unknown
https://m.google.com/devicemanagement/data/api
unknown
https://permanently-removed.invalid/reauth/v1beta/users/
unknown
https://docs.google.com/presentation/u/0/create?usp=chrome_actions
unknown
https://weborama-tech.ru
unknown
https://checkout.steampowered.com/
unknown
http://77.90.153.241/612acd258782ade8.phpition:
unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
unknown
https://guntac.bet:443/bSHsyZD
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
unknown
https://nexxen.tech
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1742043406613&w=0&anoncknm=app_anon&NoResponseBody=true
52.182.143.215
https://gemini.google.com/app?q=
unknown
https://creative-serving.com
unknown
https://permanently-removed.invalid/RotateBoundCookies
unknown
https://t.me/g_etcontent
149.154.167.99
http://anglebug.com/3502
unknown
http://anglebug.com/3623
unknown
http://77.90.153.244/l9543.exeLUd
unknown
http://anglebug.com/3625
unknown
http://anglebug.com/3624
unknown
http://www.unicode.org/copyright.html
unknown
https://sb.scorecardresearch.com/b2?rn=1742043403500&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=29535F340DD9650527FA4A840C536462&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.173.219.84
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
unknown
https://chrome.google.com/webstoreLDDiscover
unknown
http://anglebug.com/4836
unknown
https://issuetracker.google.com/issues/166475273
unknown
https://lens.google.com/gen204
unknown
https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0
unknown
https://taboola.com
unknown
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
unknown
https://broadcast.st.dl.eccdnx.com
unknown
http://anglebug.com/3970
unknown
https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
unknown
https://apis.google.com
unknown
https://support.mozilla.org/products/firefoxgro.all
unknown
https://labs.google.com/search?source=ntp
unknown
https://google-ohttp-relay-query.fastly-edge.com/2P
unknown
https://mail.google.com/mail/?tab
unknown
https://semafor.com
unknown
http://77.90.153.241a07daa7aeaf96e14/sqlite3.dllxe
unknown
https://chrome.google.com/webstore/category/extensions
unknown
http://anglebug.com/5901
unknown
http://77.90.153.241ta
unknown
http://www.google.com/update2/response
unknown
https://anglebug.com/7161
unknown
http://anglebug.com/5906
unknown
http://anglebug.com/2517
unknown
https://docs.google.com/spreadsheets/?usp=installed_webappler
unknown
https://permanently-removed.invalid/MergeSession
unknown
https://pinterest.com
unknown
http://anglebug.com/4937
unknown
https://issuetracker.google.com/166809097
unknown
https://guntac.bet/bSHsyZDn
unknown
https://clients2.googleusercontent.com/crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx
216.58.212.161

Domains

Name
IP
Malicious
t.p.formaxprime.co.uk
78.47.63.132
malicious
chrome.cloudflare-dns.com
162.159.61.3
plus.l.google.com
142.250.185.142
a416.dscd.akamai.net
2.22.242.105
ax-0002.ax-msedge.net
150.171.28.11
t.me
149.154.167.99
a-0003.a-msedge.net
204.79.197.203
c-msn-pme.trafficmanager.net
13.74.129.1
ax-0001.ax-msedge.net
150.171.27.10
a233.dscd.akamai.net
2.22.242.97
bg.microsoft.map.fastly.net
199.232.210.172
steamcommunity.com
23.197.127.21
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.57.35
sb.scorecardresearch.com
18.244.18.32
www.google.com
142.250.186.164
googlehosted.l.googleusercontent.com
216.58.212.161
s-part-0032.t-0009.t-msedge.net
13.107.246.60
assets.msn.com
unknown
citywand.live
unknown
c.msn.com
unknown
weaponrywo.digital
unknown
ntp.msn.com
unknown
bugildbett.top
unknown
crosshairc.life
unknown
mrodularmall.top
unknown
cjlaspcorne.icu
unknown
guntac.bet
unknown
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com
unknown
jowinjoinery.icu
unknown
legenassedk.top
unknown
htardwarehu.icu
unknown
apis.google.com
unknown
api.msn.com
unknown

IPs

IP
Domain
Country
Malicious
78.47.63.132
t.p.formaxprime.co.uk
Germany
malicious
192.168.2.5
unknown
unknown
malicious
77.90.153.241
unknown
Germany
malicious
162.159.61.3
chrome.cloudflare-dns.com
United States
2.22.242.97
a233.dscd.akamai.net
European Union
142.250.185.142
plus.l.google.com
United States
23.197.127.21
steamcommunity.com
United States
20.110.205.119
unknown
United States
23.200.0.10
unknown
United States
18.244.18.32
sb.scorecardresearch.com
United States
23.57.90.142
unknown
United States
239.255.255.250
unknown
Reserved
142.250.185.196
unknown
United States
23.219.82.40
unknown
United States
216.58.212.161
googlehosted.l.googleusercontent.com
United States
127.0.0.1
unknown
unknown
77.90.153.244
unknown
Germany
77.90.153.245
unknown
Germany
2.22.242.105
a416.dscd.akamai.net
European Union
149.154.167.99
t.me
United Kingdom
52.182.143.215
unknown
United States
13.74.129.1
c-msn-pme.trafficmanager.net
United States
204.79.197.219
unknown
United States
18.173.219.84
unknown
United States
172.64.41.3
unknown
United States
142.250.186.164
www.google.com
United States
204.79.197.203
a-0003.a-msedge.net
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
GoogleChrome
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\263404
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
00180013B9570CBE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\263404
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\263404
WindowTabManagerFileMappingId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
ProgramId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
FileId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
LowerCaseLongPath
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
LongPathHash
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
Name
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
OriginalFileName
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
Publisher
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
Version
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
BinFileVersion
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
BinaryType
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
ProductName
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
ProductVersion
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
LinkDate
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
BinProductVersion
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
AppxPackageFullName
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
AppxPackageRelativeId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
Size
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
Language
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\ekqjcs7rncsarfug|75ae68f2025d71dd
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
ProgramId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
FileId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
LowerCaseLongPath
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
LongPathHash
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
Name
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
OriginalFileName
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
Publisher
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
Version
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
BinFileVersion
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
BinaryType
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
ProductName
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
ProductVersion
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
LinkDate
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
BinProductVersion
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
AppxPackageFullName
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
AppxPackageRelativeId
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
Size
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
Language
\REGISTRY\A\{10996947-08e1-1191-4f42-eb99233ad44d}\Root\InventoryApplicationFile\4tzohwrzkq4uuk1w|fde9637cd690ecbf
Usn

Memdumps

Base Address
Regiontype
Protect
Malicious