Analysis Overview
Threat Level: Likely malicious
The file https://steamunlocked.net/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Checks installed software on the system
Looks up external IP address via web service
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 00:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 00:00
Reported
2024-10-20 00:04
Platform
win10v2004-20241007-en
Max time kernel
194s
Max time network
193s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\EzExtractSetup (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\EzExtractSetup (2).exe | N/A |
Loads dropped DLL
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\EzExtractPro\EzExtractProCoreDll.dll | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| File created | C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| File created | C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| File created | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| File created | C:\Program Files (x86)\EzExtractPro\uninstall.exe | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\EzExtractSetup (2).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\EzExtractSetup (2).exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "3" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 6c003100000000004759a14b10004f4e454e4f547e310000540009000400efbe4759a14b4759a64b2e00000016290200000001000000000000000000000000000000dbdf0a004f006e0065004e006f007400650020004e006f007400650062006f006f006b007300000018000000 | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive\DefaultIcon | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 60003100000000004759a24b10004d594e4f54457e310000480009000400efbe4759a14b4759a24b2e00000017290200000001000000000000000000000000000000f1e722004d00790020004e006f007400650062006f006f006b00000018000000 | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ManualSafeSave = "1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ = "C:\\Program Files (x86)\\EzExtractPro\\EzExtractProShell32.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} | C:\Windows\system32\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 26233.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 171670.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 848814.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 656581.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 598058.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\EzExtractSetup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\EzExtractSetup (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\EzExtractSetup (2).exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcb646f8,0x7ffbbcb64708,0x7ffbbcb64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
C:\Users\Admin\Downloads\EzExtractSetup.exe
"C:\Users\Admin\Downloads\EzExtractSetup.exe"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll"
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe" "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe
"C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10808 /prefetch:8
C:\Users\Admin\Downloads\EzExtractSetup (2).exe
"C:\Users\Admin\Downloads\EzExtractSetup (2).exe"
C:\Users\Admin\Downloads\EzExtractSetup (2).exe
"C:\Users\Admin\Downloads\EzExtractSetup (2).exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11848 /prefetch:1
Network
| US | 8.8.8.8:53 | 8.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.87.235.185.in-addr.arpa | udp |
| US | 104.21.83.248:443 | stats.webanalyticscounter.com | tcp |
| US | 8.8.8.8:53 | ezextractpro.s3.amazonaws.com | udp |
| US | 52.216.57.41:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 52.216.57.41:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | x.urs.microsoft.com | udp |
| GB | 172.165.69.228:443 | x.urs.microsoft.com | tcp |
| US | 8.8.8.8:53 | sq-tungsten-ts-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | speedtest.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| IE | 3.254.236.147:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| GB | 172.217.169.14:443 | google.com | tcp |
| US | 151.101.130.219:443 | speedtest.net | tcp |
| FR | 163.5.194.33:443 | prebid.a-mo.net | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | udp |
| GB | 3.162.20.113:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| GB | 3.162.20.40:443 | cdn.browsiprod.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | trk.playstretch.host | udp |
| IE | 3.254.236.147:443 | sq-tungsten-ts-eu.amazon-adsystem.com | tcp |
| IE | 54.155.11.60:443 | trk.playstretch.host | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | www.speedtest.net | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | 127.160.32.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.57.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.236.254.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| US | 104.17.147.22:443 | www.speedtest.net | tcp |
| US | 8.8.8.8:53 | ai.browsiprod.com | udp |
| US | 104.17.147.22:443 | www.speedtest.net | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| GB | 3.162.20.8:443 | ai.browsiprod.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| FR | 163.5.194.37:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | sync.kueezrtb.com | udp |
| US | 143.244.155.164:443 | sync.kueezrtb.com | tcp |
| US | 52.32.160.127:443 | events.browsiprod.com | tcp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.147.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.155.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| DE | 79.127.216.47:443 | id.rtb.mx | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 204.62.13.67:443 | sync-service.net | tcp |
| US | 204.62.13.67:443 | sync-service.net | tcp |
| US | 204.62.13.67:443 | sync-service.net | tcp |
| US | 8.8.8.8:53 | stun4.l.google.com | udp |
| US | 8.8.8.8:53 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 104.16.160.145:443 | img.onesignal.com | tcp |
| US | 8.8.8.8:53 | ezextractinstaller.com | udp |
| US | 172.67.181.227:443 | ezextractinstaller.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 227.181.67.172.in-addr.arpa | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 52.216.57.41:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 52.216.57.41:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | rtb.primis.tech | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| GB | 18.165.160.6:443 | rtb.primis.tech | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 169.197.82.18:443 | uploadhaven.com | tcp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | orhavingartisticta.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| GB | 18.244.140.79:443 | ghabovethec.info | tcp |
| GB | 143.204.176.76:443 | getrunkhomuto.info | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | 79.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | loaksandtheir.info | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | ezextractpro.s3.amazonaws.com | udp |
| US | 52.216.250.196:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 52.216.250.196:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:443 | google.com | udp |
| US | 8.8.8.8:53 | 196.250.216.52.in-addr.arpa | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | trk.playstretch.host | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 172.67.181.227:443 | ezextractinstaller.com | tcp |
| US | 8.8.8.8:53 | 192.98.74.40.in-addr.arpa | udp |
| US | 172.67.181.227:443 | ezextractinstaller.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.171:443 | r.bing.com | tcp |
| GB | 92.123.128.165:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 171.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.128.123.92.in-addr.arpa | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 52.216.250.196:443 | ezextractpro.s3.amazonaws.com | tcp |
| US | 52.216.250.196:443 | ezextractpro.s3.amazonaws.com | tcp |
Files