IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32+ executable (console) x86-64, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_94a9958376cb9b9d82c2fdf0596f2ab52c2584_a6fb66b6_32cab553-2fd8-4028-9fae-40f8edef13dc\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B32.tmp.dmp
Mini DuMP crash report, 14 streams, Sat Mar 15 22:03:57 2025, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DC3.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E9F.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\w47qq\c2vsr1
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\w47qq\g4op8g
SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\w47qq\glf379z5p
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\w47qq\h4euai
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 4, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 4
dropped
C:\ProgramData\w47qq\kno8yc26x
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\w47qq\l6890z
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\w47qq\n7glxt
ASCII text, with very long lines (1769), with CRLF line terminators
dropped
C:\ProgramData\w47qq\t0hlny
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\w47qq\wlfk6f
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1acf7aea-b49e-40f6-81c8-5cce0f0bb2fb.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\28c84ebe-8411-4580-b386-4dc674a42436.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3ccc10ef-35da-40c5-9bb7-8633eba6dd8b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4aa8e045-118d-4529-ba6e-981a1c8a4e93.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\582ad12b-5451-48f6-8b58-70a0c3ab7e87.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\719a1c7b-dac3-4756-b1fd-adb99fd0b864.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\73e26be8-d52c-4565-9382-f45fe7e28cbf.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7f4f9fdf-a2ec-4c24-ba49-4bfdfe78ab4b.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\866b686f-7ae7-4c5e-afda-47d0f60ea8ee.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\33a9fb77-deac-4ce6-a30d-4fff9aae0822.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D5F933-1EC8.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D5F934-1FAC.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D5F93E-10F4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D5F93E-165C.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1be0ede2-fa3f-40a5-9dc3-adb0088f6978.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2450143e-36df-4a4a-95ba-acc9fa68a8a9.tmp
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\36e72097-5ec5-4a2b-9cb3-adae3d67860e.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7576e552-90b5-48a7-ae2d-512bd05e9047.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7f0a2abb-8e19-44cd-afe2-31223484c8cc.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8ef69f93-43f7-4732-970c-2b8deb2382a1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\93f690b7-2954-4611-aa13-88c97e1e5038.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9f26e436-cab7-4aca-8a58-c21ee695a2c1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
ASCII text, with very long lines (1597), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0ae1e609-8b9a-4d19-9613-c46beb6e234f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\53ec8dce-f773-41e1-8b5d-8921ed252e7c.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\8ed02611-8826-4bb4-bb2d-1a956d8a98f0.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2f63d.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF1e942.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF1fa87.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF20006.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a79b6c00-dd98-41ab-a1ae-2c173c02fc5d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b2c87299-ba21-42e7-bb51-d1c73787d759.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c2ff5e8c-f51f-4a1e-bda1-2f118a4d291e.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\d95489b8-0955-48cb-87a4-6e8086e9b44d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF22541.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2711f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2e67e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF22706.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF24a0f.TMP (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386549825537769
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\069513db-34ca-4106-a107-54c41152639d.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\398171a0-22c6-45a0-b029-f101954b4940.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF1fa97.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF20006.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a49a2999-8431-4ad9-bc7c-4a38081a7d4f.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ab78d70f-b4ad-43f0-98aa-f466a3fa1659.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
ASCII text, with very long lines (3951), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b915237f-db45-40d7-b6f7-48de29a25a1f.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1ac19.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1aca6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1d3a6.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1d443.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1d55c.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1fc0e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e67e.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30d5f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store (copy)
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store_new
data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d9428828-23d7-438c-a530-2971d67c64e1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\04c3c623-c668-4174-9f0a-07da3657ba18.tmp
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
dropped
C:\Users\user\AppData\Local\Temp\4581bab3-27fd-4c25-b636-434a9cca70dc.tmp
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\5ae5d838-b513-49b2-b435-0b6c47a40642.tmp
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
dropped
C:\Users\user\AppData\Local\Temp\819a0976-7b40-42c2-b8f2-afc603a47fd2.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\9f48a731-363d-473f-b922-899b1d868aa6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\bef99c89-29b3-4834-9177-5f219b5cdc42.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\cv_debug.log
JSON data
dropped
C:\Users\user\AppData\Local\Temp\ecab9c28-aa9a-4bcd-bab5-d2458b1c726b.tmp
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_1484013202\9f48a731-363d-473f-b922-899b1d868aa6.tmp
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_1484013202\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_1484013202\CRX_INSTALL\content.js
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_1484013202\CRX_INSTALL\content_new.js
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_1484013202\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\128.png
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\af\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\am\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ar\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\az\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\be\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\bg\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\bn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ca\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\cs\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\cy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\da\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\de\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\el\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\en\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\en_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\en_GB\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\en_US\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\es\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\es_419\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\et\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\eu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\fa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\fi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\fil\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\fr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\fr_CA\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\gl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\gu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\hi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\hr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\hu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\hy\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\id\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\is\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\it\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\iw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ja\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ka\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\kk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\km\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\kn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ko\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\lo\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\lt\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\lv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ml\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\mn\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\mr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ms\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\my\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ne\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\nl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\no\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\pa\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\pl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\pt_BR\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\pt_PT\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ro\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ru\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\si\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\sk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\sl\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\sr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\sv\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\sw\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ta\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\te\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\th\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\tr\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\uk\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\ur\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\vi\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\zh_CN\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\zh_HK\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\zh_TW\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_locales\zu\messages.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\dasherSettingSchema.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\offscreendocument.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\offscreendocument_main.js
ASCII text, with very long lines (4882)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\page_embed_script.js
ASCII text, with very long lines (337)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\CRX_INSTALL\service_worker_bin_prod.js
ASCII text, with very long lines (4884)
dropped
C:\Users\user\AppData\Local\Temp\scoped_dir5724_390175831\bef99c89-29b3-4834-9177-5f219b5cdc42.tmp
Google Chrome extension, version 3
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 441
ASCII text, with very long lines (5162), with no line terminators
downloaded
Chrome Cache Entry: 442
ASCII text
downloaded
Chrome Cache Entry: 443
ASCII text, with very long lines (1437)
downloaded
Chrome Cache Entry: 444
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 445
ASCII text, with very long lines (2412)
downloaded
Chrome Cache Entry: 446
SVG Scalable Vector Graphics image
downloaded
Chrome Cache Entry: 447
ASCII text, with very long lines (872)
downloaded
There are 275 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
 malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2308,i,15293753799897546638,14223410568821553602,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2476 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2064,i,11077271955637265282,249532908686684789,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1576 --field-trial-handle=1916,i,2447333108888660332,14346485730295745683,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
 malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2224,i,10611571270307567122,8227078237677590620,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2088,i,11204622022202113914,5734698100804861925,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6892 --field-trial-handle=2088,i,11204622022202113914,5734698100804861925,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7044 --field-trial-handle=2088,i,11204622022202113914,5734698100804861925,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7008 --field-trial-handle=2088,i,11204622022202113914,5734698100804861925,262144 /prefetch:8
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 2776
There are 7 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://duckduckgo.com/chrome_newtab
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1742076232410&w=0&anoncknm=app_anon&NoResponseBody=true
52.168.117.175
https://duckduckgo.com/ac/?q=
unknown
https://permanently-removed.invalid/oauth2/v2/tokeninfo
unknown
https://ntp.msn.com/0
unknown
https://ntp.msn.com/_default
unknown
http://anglebug.com/4633
unknown
https://anglebug.com/7382
unknown
https://permanently-removed.invalid/v1/events
unknown
https://issuetracker.google.com/284462263
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
https://ntp.msn.cn/edge/ntp
unknown
https://docs.google.com/
unknown
https://www.youtube.com
unknown
https://anglebug.com/7714
unknown
https://www.instagram.com
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
204.79.197.203
http://anglebug.com/6248
unknown
https://ogs.google.com/widget/callout?eom=1
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
unknown
https://outlook.office.com/mail/compose?isExtension=true
unknown
http://anglebug.com/6929
unknown
http://anglebug.com/5281
unknown
https://i.y.qq.com/n2/m/index.html
unknown
https://www.deezer.com/
unknown
https://issuetracker.google.com/255411748
unknown
https://web.telegram.org/
unknown
https://permanently-removed.invalid/oauth2/v4/token
unknown
https://anglebug.com/7246
unknown
https://anglebug.com/7369
unknown
https://anglebug.com/7489
unknown
https://chrome.google.com/webstore
unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true
204.79.197.203
https://cdnjs.cloudflare.com/ajax/libs/mathjax/
unknown
https://drive-daily-2.corp.google.com/
unknown
https://unitedstates1.ss.wd.microsoft.us/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://issuetracker.google.com/161903006
unknown
https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true
204.79.197.203
https://drive-daily-1.corp.google.com/
unknown
https://excel.new?from=EdgeM365Shoreline
unknown
https://drive-daily-5.corp.google.com/
unknown
https://plus.google.com
unknown
https://permanently-removed.invalid/chrome/blank.html
unknown
http://anglebug.com/3078
unknown
http://anglebug.com/7553
unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness
2.22.242.11
http://anglebug.com/5375
unknown
https://permanently-removed.invalid/v1/issuetoken
unknown
http://anglebug.com/5371
unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png
2.22.242.89
http://anglebug.com/4722
unknown
https://permanently-removed.invalid/reauth/v1beta/users/
unknown
https://permanently-removed.invalid/LogoutYxAB
unknown
http://anglebug.com/7556
unknown
https://chromewebstore.google.com/
unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1742076233408&w=0&anoncknm=app_anon&NoResponseBody=true
52.168.117.175
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
unknown
https://drive-preprod.corp.google.com/
unknown
https://srtb.msn.cn/
unknown
https://msn.comXIDv10
unknown
https://chrome.google.com/webstore/
unknown
https://bard.google.com/
unknown
https://assets.msn.cn/resolver/
unknown
https://gemini.google.com/app?q=
unknown
https://browser.events.data.msn.com/
unknown
https://permanently-removed.invalid/RotateBoundCookies
unknown
http://anglebug.com/6692
unknown
https://issuetracker.google.com/258207403
unknown
https://t.me/g_etcontent
149.154.167.99
http://anglebug.com/3502
unknown
http://anglebug.com/3623
unknown
https://www.office.com
unknown
http://anglebug.com/3625
unknown
https://outlook.live.com/mail/0/
unknown
http://anglebug.com/3624
unknown
http://anglebug.com/5007
unknown
http://anglebug.com/3862
unknown
https://ntp.msn.com/edge/ntp
unknown
https://assets.msn.com/resolver/
unknown
https://chrome.google.com/webstoreLDDiscover
unknown
http://anglebug.com/4836
unknown
https://issuetracker.google.com/issues/166475273
unknown
https://tidal.com/
unknown
https://ntp.msn.com
unknown
https://lens.google.com/gen204
unknown
https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0
unknown
https://msn.com/
unknown
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
unknown
http://anglebug.com/4384
unknown
https://gaana.com/
unknown
https://mail.google.com/mail/?tab=rm&ogbl
unknown
https://outlook.live.com/mail/compose?isExtension=true
unknown
https://sb.scorecardresearch.com/b?rn=1742076230514&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=06898F1A137E61ED2A909AAA12D66026&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
18.164.96.18
http://anglebug.com/3970
unknown
https://policies.google.com/
unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
unknown
https://apis.google.com
unknown
https://support.mozilla.org/products/firefoxgro.all
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
142.250.186.132
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
t.p.formaxprime.co.uk
78.47.63.132
 malicious
ax-0003.ax-msedge.net
150.171.27.12
chrome.cloudflare-dns.com
172.64.41.3
plus.l.google.com
216.58.206.78
a416.dscd.akamai.net
2.22.242.11
ax-0002.ax-msedge.net
150.171.28.11
t.me
149.154.167.99
a-0003.a-msedge.net
204.79.197.203
c-msn-pme.trafficmanager.net
13.74.129.1
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
94.245.104.56
pki-goog.l.google.com
142.250.185.163
ax-0001.ax-msedge.net
150.171.27.10
a233.dscd.akamai.net
2.22.242.89
fg.microsoft.map.fastly.net
199.232.210.172
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
84.201.210.23
play.google.com
142.250.185.238
sb.scorecardresearch.com
18.244.18.32
www.google.com
142.250.186.132
googlehosted.l.googleusercontent.com
142.250.185.65
s-part-0032.t-0009.t-msedge.net
13.107.246.60
assets.msn.com
unknown
c.msn.com
unknown
ntp.msn.com
unknown
clients2.googleusercontent.com
unknown
bzib.nelreports.net
unknown
c.pki.goog
unknown
apis.google.com
unknown
api.msn.com
unknown
There are 18 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.168.2.7
unknown
unknown
malicious
78.47.63.132
t.p.formaxprime.co.uk
Germany
malicious
52.168.117.175
unknown
United States
2.22.242.11
a416.dscd.akamai.net
European Union
162.159.61.3
unknown
United States
20.110.205.119
unknown
United States
23.44.201.25
unknown
United States
142.250.185.65
googlehosted.l.googleusercontent.com
United States
23.44.201.26
unknown
United States
18.244.18.32
sb.scorecardresearch.com
United States
23.204.152.9
unknown
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown
18.164.96.18
unknown
United States
216.58.206.78
plus.l.google.com
United States
149.154.167.99
t.me
United Kingdom
13.74.129.1
c-msn-pme.trafficmanager.net
United States
142.250.186.132
www.google.com
United States
204.79.197.219
unknown
United States
172.64.41.3
chrome.cloudflare-dns.com
United States
2.22.242.89
a233.dscd.akamai.net
European Union
150.171.27.12
ax-0003.ax-msedge.net
United States
23.43.85.19
unknown
United States
204.79.197.203
a-0003.a-msedge.net
United States
There are 14 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseenversion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
freseen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_dse_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
is_startup_page_recommended
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328676
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds
EdgeMUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles\Default
MUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ahokoikenoafgppiblgpenaaaolecifn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bhmhibnbialendcafinliemndanacfaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
bobbggphonhgdonfdibkfipfepfcildj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ceaifoolopnigfpidlheoagpheiplgii
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
cjneempfhkonkkbcmnfdibgobmhbagaj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dabfebgaghanlbehmkmaflipiohdimmc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dcaajljecejllikfgbhjdgeognacjkkp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dgiklkfkllikcanfonkcabmbdfmgleag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
dmbljphlfghcnbohaoffiedmodfmkmol
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ehlmnljdoejdahfjdfobmpfancoibmig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
eijpepilkjkofamihbmjcnihgpbebafj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
enkoeamdnimieoooocohgbdajhhkajko
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fikbjbembnmfhppjfnmfkahdhfohhjmg
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
fjngpfnaikknjdhkckmncgicobbkcnle
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbihlnbpmfkodghomcinpblknjhneknc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gbmoeijgfngecijpcnbooedokgafmmji
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gcinnojdebelpnodghnoicmcdmamjoch
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gecfnmoodchdkebjjffmdcmeghkflpib
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
gekagaaiohabmaknhkbaofhhedhelemf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ghglcnachgghkhbafjogogiggghcpjig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hciemgmhplhpinoohcjpafmncmjapioh
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hloomjjkinpbjldhobfkfdamkmikjmdo
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
hmlhageoffiiefnmojcgoagebofoifpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
iglcjdemknebjbklcgkfaebgojjphkec
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ihmafllikibpmigkcoadcmckbfhibefp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jbleckejnaboogigodiafflhkajdmpcl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jdiccldimpdaibmpdkjnbmckianbfold
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jgcbloklkllbkmkbfckchanipicejgah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jlipacegilfgfpgkefbjcncbfcoeecgj
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jmjflgjpcpepeafmmgdpfkogkghcpiha
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
jpfjdekhebcolnfkpicpciaknbgcdcbm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kfihiegbjaloebkmglnjnljoljgkkchm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
khffkadolmfbdgahbabbhipadklfmhgf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kjncpkplfnolibapodobnnjfgmjmiaba
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kkobcodijbdelbnhbfkkfncbeildnpie
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
kmojgmpmopiiagdfbilgognmlegkonbk
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ncbjelpjchkpbikbpkcchkhkblodoama
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkbndigcebkoaejohleckhekfmcecfja
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
nnpnekncnhiglbokoiffmejlimgmgoam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ofefcgjbeghpigppfmkologfjadafddi
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ojmnomejplkgljjhjindfoilnmobmihe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olkdlefmaniacnmgofabnpmomgcpdaip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
olmhchkiafniffcaiciiomfdplnmklak
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
pencekojiebcjhifbkfdncgmmooepclc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
ppnnjfpaneghjbcepgedmlcgmfgkjhah
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_username
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
edge.services.last_account_id
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
lastrun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328676
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328676
WindowTabManagerFileMappingId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
00184012D27EB83F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87}
DeviceTicket
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
ProgramId
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
FileId
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
LowerCaseLongPath
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
LongPathHash
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
Name
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
OriginalFileName
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
Publisher
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
Version
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
BinFileVersion
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
BinaryType
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
ProductName
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
ProductVersion
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
LinkDate
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
BinProductVersion
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
AppxPackageFullName
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
AppxPackageRelativeId
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
Size
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
Language
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
IsOsComponent
\REGISTRY\A\{d99f1090-5759-5d8f-9ce2-8ba94dada90a}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
00184012D27EB83F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
There are 173 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
365AFFE000
unkown
page readonly
9C8004E4000
direct allocation
page read and write
42AC00430000
trusted library allocation
page read and write
226B4356000
heap
page read and write
226B4361000
heap
page read and write
3D2F000
heap
page read and write
23803222000
heap
page read and write
9CC03B7C000
direct allocation
page read and write
50B5000
heap
page read and write
3DC6000
heap
page read and write
319C000
stack
page read and write
F04000
heap
page read and write
391000290000
trusted library allocation
page read and write
78800030C000
trusted library allocation
page read and write
226B23F0000
heap
page read and write
22BC9EF2000
heap
page read and write
2DC03FE000
stack
page read and write
11AE000
stack
page read and write
3D4D000
heap
page read and write
9C800046000
direct allocation
page read and write
9CC02744000
direct allocation
page read and write
3677FFE000
unkown
page readonly
22A000294000
trusted library allocation
page read and write
226B2438000
heap
page read and write
46E000201000
trusted library allocation
page read and write
22A000270000
trusted library allocation
page read and write
5410000C0000
direct allocation
page read and write
6AFC002EC000
direct allocation
page read and write
78800015C000
trusted library allocation
page read and write
226B433F000
heap
page read and write
42AC00368000
trusted library allocation
page read and write
391000424000
trusted library allocation
page read and write
2DA43FF000
stack
page read and write
42F0000
heap
page read and write
4EEB000
heap
page read and write
3BF0000
heap
page read and write
226B252F000
heap
page read and write
42AC00394000
trusted library allocation
page read and write
2DBA3FD000
stack
page read and write
9C8000E5000
direct allocation
page read and write
788000108000
trusted library allocation
page read and write
78E800380000
trusted library allocation
page read and write
78E800054000
trusted library allocation
page read and write
78800017C000
trusted library allocation
page read and write
E87000
heap
page read and write
788000238000
trusted library allocation
page read and write
9CC0242C000
direct allocation
page read and write
22BC9EBA000
heap
page read and write
9CC025E0000
direct allocation
page read and write
22A0002A0000
trusted library allocation
page read and write
9C8005B4000
direct allocation
page read and write
F90000
heap
page read and write
9CC02448000
direct allocation
page read and write
2DAFBFE000
unkown
page readonly
391000250000
trusted library allocation
page read and write
2DACBFE000
unkown
page readonly
9C80047C000
direct allocation
page read and write
7880001F4000
trusted library allocation
page read and write
9CC0276C000
direct allocation
page read and write
9CC035B0000
direct allocation
page read and write
138D000
stack
page read and write
78E80020C000
trusted library allocation
page read and write
226B24A7000
heap
page read and write
5410000B8000
direct allocation
page read and write
5410000B4000
direct allocation
page read and write
3B75000
heap
page read and write
9CC02444000
direct allocation
page read and write
9CC02784000
direct allocation
page read and write
27C00284000
direct allocation
page read and write
36787FD000
stack
page read and write
22A000238000
trusted library allocation
page read and write
9CC02454000
direct allocation
page read and write
9CC03B7C000
direct allocation
page read and write
4958000D4000
direct allocation
page read and write
78E800230000
trusted library allocation
page read and write
42AC00210000
trusted library allocation
page read and write
12AE000
stack
page read and write
9CC02538000
direct allocation
page read and write
46E0002C8000
trusted library allocation
page read and write
4FCB000
heap
page read and write
46E0002B4000
trusted library allocation
page read and write
9C800528000
direct allocation
page read and write
42AC00404000
trusted library allocation
page read and write
9CC0369C000
direct allocation
page read and write
6AFC00234000
direct allocation
page read and write
2DAC3FE000
stack
page read and write
7880002E4000
trusted library allocation
page read and write
78E8002B0000
trusted library allocation
page read and write
3674FFE000
unkown
page readonly
46E0002F0000
trusted library allocation
page read and write
7880002B0000
trusted library allocation
page read and write
36647FC000
stack
page read and write
46E0002A8000
trusted library allocation
page read and write
3910003AC000
trusted library allocation
page read and write
3910003A4000
trusted library allocation
page read and write
22BC9EA9000
heap
page read and write
9CC03EC0000
direct allocation
page read and write
42AC00401000
trusted library allocation
page read and write
9CC03E84000
direct allocation
page read and write
9CC0244C000
direct allocation
page read and write
9C800188000
direct allocation
page read and write
366DFFE000
unkown
page readonly
22BCBD8D000
heap
page read and write
788000290000
trusted library allocation
page read and write
36047FE000
stack
page read and write
22BCBD57000
heap
page read and write
7880000A4000
trusted library allocation
page read and write
3910003B0000
trusted library allocation
page read and write
9CC03B6C000
direct allocation
page read and write
9CC027C4000
direct allocation
page read and write
9CC02580000
direct allocation
page read and write
9C800118000
direct allocation
page read and write
36667FC000
stack
page read and write
22A000210000
trusted library allocation
page read and write
1B853FF000
stack
page read and write
226B41C0000
heap
page read and write
9CC03F94000
direct allocation
page read and write
22BC9EA7000
heap
page read and write
9CC024E8000
direct allocation
page read and write
3C68000
heap
page read and write
4EF5000
heap
page read and write
9CC03538000
direct allocation
page read and write
78E800190000
trusted library allocation
page read and write
22A0002F0000
trusted library allocation
page read and write
391000248000
trusted library allocation
page read and write
49580002C000
direct allocation
page read and write
9C8006B0000
direct allocation
page read and write
9CC02814000
direct allocation
page read and write
3D45000
heap
page read and write
36777FE000
stack
page read and write
23805D78000
heap
page read and write
3B60000
heap
page read and write
36657FE000
stack
page read and write
9CC02430000
direct allocation
page read and write
78E800140000
trusted library allocation
page read and write
13B0000
heap
page read and write
6AFC00270000
direct allocation
page read and write
78E8002C4000
trusted library allocation
page read and write
9C800544000
direct allocation
page read and write
9CC03F40000
direct allocation
page read and write
78E8002D8000
trusted library allocation
page read and write
3D53000
heap
page read and write
42AC00418000
trusted library allocation
page read and write
788000401000
trusted library allocation
page read and write
39100020C000
trusted library allocation
page read and write
27C00210000
direct allocation
page read and write
27C0025C000
direct allocation
page read and write
3DCA000
heap
page read and write
42AC0040C000
trusted library allocation
page read and write
22BC9D60000
heap
page read and write
46E000294000
trusted library allocation
page read and write
344D000
stack
page read and write
226B4361000
heap
page read and write
4FD5000
heap
page read and write
42AC00344000
trusted library allocation
page read and write
23803204000
heap
page read and write
3C93000
heap
page read and write
78E80015C000
trusted library allocation
page read and write
9CC02474000
direct allocation
page read and write
7880000CC000
trusted library allocation
page read and write
9CC034F8000
direct allocation
page read and write
541000098000
direct allocation
page read and write
22BCBD75000
heap
page read and write
23805E26000
heap
page read and write
22BC9C40000
heap
page read and write
46E0002A8000
trusted library allocation
page read and write
78800034C000
trusted library allocation
page read and write
367DFFE000
unkown
page readonly
788000210000
trusted library allocation
page read and write
9C8004B0000
direct allocation
page read and write
3912000
heap
page read and write
541000098000
direct allocation
page read and write
9CC034C4000
direct allocation
page read and write
226B23D0000
heap
page readonly
6AFC00210000
direct allocation
page read and write
9CC027EC000
direct allocation
page read and write
22BCBD4B000
heap
page read and write
788000430000
trusted library allocation
page read and write
226B252F000
heap
page read and write
9CC02334000
direct allocation
page read and write
9CC036E4000
direct allocation
page read and write
3B67000
heap
page read and write
9CC0243C000
direct allocation
page read and write
22A0002B8000
trusted library allocation
page read and write
46E000248000
trusted library allocation
page read and write
3E75000
heap
page read and write
788000398000
trusted library allocation
page read and write
9CC038FC000
direct allocation
page read and write
42AC003C8000
trusted library allocation
page read and write
42AC00248000
trusted library allocation
page read and write
134D000
stack
page read and write
4926000
heap
page read and write
23803216000
heap
page read and write
788000134000
trusted library allocation
page read and write
9CC03F0C000
direct allocation
page read and write
22A000278000
trusted library allocation
page read and write
6AFC00250000
direct allocation
page read and write
3602FFE000
unkown
page readonly
78E8002FC000
trusted library allocation
page read and write
788000201000
trusted library allocation
page read and write
22A0002A8000
trusted library allocation
page read and write
23805E79000
heap
page read and write
3B24000
heap
page read and write
46E000210000
trusted library allocation
page read and write
78E800214000
trusted library allocation
page read and write
22BC9E47000
heap
page read and write
78E8002E4000
trusted library allocation
page read and write
3678FFE000
unkown
page readonly
22BC9EB5000
heap
page read and write
9CC034EC000
direct allocation
page read and write
78E800238000
trusted library allocation
page read and write
27C002E0000
direct allocation
page read and write
42AC00338000
trusted library allocation
page read and write
9CC02440000
direct allocation
page read and write
46E0002B4000
trusted library allocation
page read and write
78E800370000
trusted library allocation
page read and write
78E8000E8000
trusted library allocation
page read and write
9CC02744000
direct allocation
page read and write
78E800302000
trusted library allocation
page read and write
9CC025B4000
direct allocation
page read and write
788000218000
trusted library allocation
page read and write
9CC03368000
direct allocation
page read and write
788000450000
trusted library allocation
page read and write
3F22000
heap
page read and write
386E000
stack
page read and write
226B2502000
heap
page read and write
3D18000
heap
page read and write
22A000274000
trusted library allocation
page read and write
9C8004A0000
direct allocation
page read and write
7880001C4000
trusted library allocation
page read and write
9CC0393C000
direct allocation
page read and write
78800024C000
trusted library allocation
page read and write
42AC00300000
trusted library allocation
page read and write
78E80034C000
trusted library allocation
page read and write
788000190000
trusted library allocation
page read and write
9CC03F28000
direct allocation
page read and write
35DF000
stack
page read and write
46E0002B4000
trusted library allocation
page read and write
2DA63FE000
stack
page read and write
3910002C4000
trusted library allocation
page read and write
788000274000
trusted library allocation
page read and write
3DD1000
heap
page read and write
2DB93FD000
stack
page read and write
9CC03398000
direct allocation
page read and write
6AFC002A8000
direct allocation
page read and write
23809131000
heap
page read and write
42AC003C4000
trusted library allocation
page read and write
46E0002B4000
trusted library allocation
page read and write
7FF7531AB000
unkown
page readonly
238038EF000
heap
page read and write
226B24A8000
heap
page read and write
487C000
heap
page read and write
78E800218000
trusted library allocation
page read and write
226B24E3000
heap
page read and write
B9F000
stack
page read and write
788000244000
trusted library allocation
page read and write
22A000264000
trusted library allocation
page read and write
78E800254000
trusted library allocation
page read and write
22A0002A8000
trusted library allocation
page read and write
391000378000
trusted library allocation
page read and write
9C80052C000
direct allocation
page read and write
22A000288000
trusted library allocation
page read and write
2DB53FE000
stack
page read and write
9CC02488000
direct allocation
page read and write
22A0002A8000
trusted library allocation
page read and write
46E0002FC000
trusted library allocation
page read and write
3675FFE000
unkown
page readonly
22BC9EEC000
heap
page read and write
22BCBD45000
heap
page read and write
9CC036BC000
direct allocation
page read and write
6AFC00244000
direct allocation
page read and write
9C8005A4000
direct allocation
page read and write
226B24CC000
heap
page read and write
27C002C0000
direct allocation
page read and write
2DA3BFE000
unkown
page readonly
46E0002B4000
trusted library allocation
page read and write
6AFC00328000
direct allocation
page read and write
22BC9EC2000
heap
page read and write
9CC03498000
direct allocation
page read and write
78800026C000
trusted library allocation
page read and write
46E0002A8000
trusted library allocation
page read and write
226B24D1000
heap
page read and write
4931000
heap
page read and write
2380321B000
heap
page read and write
23803222000
heap
page read and write
22A0002B4000
trusted library allocation
page read and write
27C00290000
direct allocation
page read and write
3D7E000
heap<