Malware Analysis Report

2025-01-22 20:29

Sample ID: 241020-aarvbsxana
Target: https://steamunlocked.net/
Tags: discovery motw persistence phishing privilege_escalation
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file https://steamunlocked.net/ was found to be: Likely malicious.

Malicious Activity Summary

discovery motw persistence phishing privilege_escalation

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks installed software on the system

Looks up external IP address via web service

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 00:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 00:00
Reported: 2024-10-20 00:04
Platform: win10v2004-20241007-en
Max time kernel: 194s
Max time network: 193s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/

Signatures

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\EzExtractPro\EzExtractProCoreDll.dll C:\Users\Admin\Downloads\EzExtractSetup.exe N/A
File created C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll C:\Users\Admin\Downloads\EzExtractSetup.exe N/A
File created C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll C:\Users\Admin\Downloads\EzExtractSetup.exe N/A
File created C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe C:\Users\Admin\Downloads\EzExtractSetup.exe N/A
File created C:\Program Files (x86)\EzExtractPro\uninstall.exe C:\Users\Admin\Downloads\EzExtractSetup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\EzExtractSetup (2).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\EzExtractSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "3" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 6c003100000000004759a14b10004f4e454e4f547e310000540009000400efbe4759a14b4759a64b2e00000016290200000001000000000000000000000000000000dbdf0a004f006e0065004e006f007400650020004e006f007400650062006f006f006b007300000018000000 C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive\DefaultIcon C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.7z\shellex C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 60003100000000004759a24b10004d594e4f54457e310000480009000400efbe4759a14b4759a24b2e00000017290200000001000000000000000000000000000000f1e722004d00790020004e006f007400650062006f006f006b00000018000000 C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ManualSafeSave = "1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ = "C:\\Program Files (x86)\\EzExtractPro\\EzExtractProShell32.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\shellex\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7} C:\Windows\system32\regsvr32.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 26233.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 171670.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 848814.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 656581.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 598058.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4148 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4148 wrote to memory of 1452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4148 wrote to memory of 4788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4148 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcb646f8,0x7ffbbcb64708,0x7ffbbcb64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8

C:\Users\Admin\Downloads\EzExtractSetup.exe

"C:\Users\Admin\Downloads\EzExtractSetup.exe"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe

"C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,1918619047132746307,13536622667706842755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10808 /prefetch:8

C:\Users\Admin\Downloads\EzExtractSetup (2).exe

"C:\Users\Admin\Downloads\EzExtractSetup (2).exe"

C:\Users\Admin\Downloads\EzExtractSetup (2).exe

"C:\Users\Admin\Downloads\EzExtractSetup (2).exe"

Network

US 8.8.8.8:53 205.128.95.35.in-addr.arpa udp
US 8.8.8.8:53 113.140.107.34.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 36.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 89.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 21.212.159.18.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 35.162.251.34.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 184.109.248.104.in-addr.arpa udp
US 8.8.8.8:53 70.249.248.34.in-addr.arpa udp
US 8.8.8.8:53 80.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 172.67.23.234:443 a.ad.gt tcp
US 104.26.3.70:443 ad-delivery.net tcp
IE 52.95.125.22:443 aax-eu.amazon-adsystem.com tcp
IE 52.213.178.209:443 bcp.crwdcntrl.net tcp
US 34.111.152.239:443 optimise.net udp
US 8.8.8.8:53 0bab77ffa60b93cfe5cab43efe89c810.safeframe.googlesyndication.com udp
GB 142.250.187.193:443 0bab77ffa60b93cfe5cab43efe89c810.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
US 8.8.8.8:53 122.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 56.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 197.9.9.65.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 22.125.95.52.in-addr.arpa udp
US 8.8.8.8:53 209.178.213.52.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 contextual.media.net udp
GB 92.123.240.21:443 contextual.media.net tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 cs.seedtag.com udp
GB 2.19.117.29:443 acdn.adnxs.com tcp
US 104.16.186.87:443 cs.seedtag.com tcp
US 8.8.8.8:53 sync.cootlogix.com udp
US 68.183.125.244:443 sync.cootlogix.com tcp
US 8.8.8.8:53 freestar-d.openx.net udp
US 34.98.64.218:443 freestar-d.openx.net tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 eb2.3lift.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 34.98.64.218:443 freestar-d.openx.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 csync.smartadserver.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 29.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 87.186.16.104.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 244.125.183.68.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 188.196.219.23.in-addr.arpa udp
GB 2.19.117.8:443 csync.smartadserver.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 sync.richaudience.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 onetag-sys.com udp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 u.openx.net udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 csync.loopme.me udp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 35.214.194.178:443 csync.loopme.me tcp
US 34.149.50.64:443 s.seedtag.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 52.210.72.167:443 match.prod.bidr.io tcp
US 8.8.8.8:53 ads.us.e-planning.net udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 8.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 249.8.201.138.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 178.194.214.35.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 167.72.210.52.in-addr.arpa udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
CZ 65.9.95.49:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.18.6.198:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 35.170.216.127:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 player.aniview.com udp
GB 2.19.117.26:443 player.aniview.com tcp
DE 51.89.9.252:443 onetag-sys.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ced-ns.sascdn.com udp
NL 89.149.192.244:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 dis.criteo.com udp
GB 2.19.117.35:443 ced-ns.sascdn.com tcp
US 8.8.8.8:53 sync.1rx.io udp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 52.2.241.80:443 api-2-0.spot.im tcp
GB 142.250.180.2:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 sync.smartadserver.com udp
FR 164.132.25.184:443 sync.smartadserver.com tcp
US 8.8.8.8:53 49.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 198.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 127.216.170.35.in-addr.arpa udp
US 8.8.8.8:53 26.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 244.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 35.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.aniview.com udp
NL 35.214.194.178:443 csync.loopme.me tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
US 172.240.45.96:443 sync.aniview.com tcp
US 8.8.8.8:53 cs.media.net udp
US 70.42.32.255:443 b1sync.zemanta.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
GB 2.23.220.28:443 cs.media.net tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 149.202.238.105:443 rtb-csync.smartadserver.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.2.108.175:443 bc-sync.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 bttrack.com udp
IE 52.31.4.203:443 ad.360yield.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 192.132.33.68:443 bttrack.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 ap.lijit.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
IE 54.154.113.197:443 ap.lijit.com tcp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.2.233:443 cm.adform.net tcp
NL 35.214.194.178:443 csync.loopme.me tcp
IE 54.154.113.197:443 ap.lijit.com tcp
US 8.8.8.8:53 80.241.2.52.in-addr.arpa udp
US 8.8.8.8:53 184.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 255.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 105.238.202.149.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 203.4.31.52.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 233.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 197.113.154.54.in-addr.arpa udp
US 8.8.8.8:53 t.adx.opera.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 p.ad.gt udp
US 104.22.5.69:443 p.ad.gt tcp
US 8.8.8.8:53 sync-gdpr.intentiq.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 sync.bfmio.com udp
GB 3.162.20.39:443 sync-gdpr.intentiq.com tcp
US 98.82.158.241:443 s.amazon-adsystem.com tcp
US 34.160.152.31:443 c.pub.network udp
US 34.202.180.87:443 sync.bfmio.com tcp
GB 54.192.137.93:443 loaksandtheir.info tcp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 api-gdpr.intentiq.com udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 34.160.152.31:443 c.pub.network udp
US 44.238.160.234:443 ids.ad.gt tcp
GB 13.224.81.82:443 api-gdpr.intentiq.com tcp
GB 142.250.200.34:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 governorneedle.icu udp
US 172.67.158.236:443 governorneedle.icu tcp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 44.238.160.234:443 ids.ad.gt tcp
US 52.71.71.25:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
NL 35.214.194.178:443 csync.loopme.me tcp
US 172.67.161.210:443 fine-download.com tcp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 39.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 87.180.202.34.in-addr.arpa udp
US 8.8.8.8:53 82.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 236.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 234.160.238.44.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 25.71.71.52.in-addr.arpa udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 dsp-cookie.adfarm1.adition.com udp
GB 172.217.16.234:443 ajax.googleapis.com tcp
US 104.26.2.174:443 yourjsdelivery.com tcp
IE 52.95.125.22:443 aax-eu.amazon-adsystem.com tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 34.251.85.66:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 8.8.8.8:53 nostop.go2cloud.org udp
IE 52.210.174.128:443 nostop.go2cloud.org tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 sync-service.net udp
NL 35.214.194.178:443 csync.loopme.me tcp
US 104.22.5.69:443 p.ad.gt tcp
US 204.62.13.67:443 sync-service.net tcp
US 8.8.8.8:53 seg.ad.gt udp
US 104.22.5.69:443 seg.ad.gt tcp
US 8.8.8.8:53 174.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 210.161.67.172.in-addr.arpa udp
US 8.8.8.8:53 217.210.82.80.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 128.174.210.52.in-addr.arpa udp
US 8.8.8.8:53 66.85.251.34.in-addr.arpa udp
US 8.8.8.8:53 stats.webanalyticscounter.com udp
US 104.21.83.248:443 stats.webanalyticscounter.com tcp
US 204.62.13.67:443 sync-service.net tcp
US 8.8.8.8:53 m.media-amazon.com udp
GB 3.162.23.168:443 m.media-amazon.com tcp
GB 3.162.23.168:443 m.media-amazon.com tcp
US 8.8.8.8:53 odr.mookie1.com udp
US 204.62.13.67:443 sync-service.net tcp
US 34.160.236.64:443 odr.mookie1.com tcp
US 8.8.8.8:53 aan.amazon.co.uk udp
US 8.2.108.175:443 bc-sync.com tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
US 8.8.8.8:53 ts.amazon-adsystem.com udp
GB 18.172.88.77:443 ts.amazon-adsystem.com tcp
GB 18.172.88.77:443 ts.amazon-adsystem.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 mb9eo.publishers.tremorhub.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 44.194.70.0:443 mb9eo.publishers.tremorhub.com tcp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 248.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 67.13.62.204.in-addr.arpa udp
US 8.8.8.8:53 168.23.162.3.in-addr.arpa udp
US 8.8.8.8:53 64.236.160.34.in-addr.arpa udp
US 8.8.8.8:53 44.237.254.3.in-addr.arpa udp
US 8.8.8.8:53 77.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 0.70.194.44.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:8443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdn.browsiprod.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 3.162.20.40:443 cdn.browsiprod.com tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 40.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 pixels.ad.gt udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 52.32.160.127:443 events.browsiprod.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
GB 13.224.81.8:443 yield-manager.browsiprod.com tcp
NL 185.235.87.13:443 gem.gbc.criteo.com tcp
NL 185.235.87.210:443 ag.gbc.criteo.com tcp
US 52.32.160.127:443 events.browsiprod.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 8.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 13.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 210.87.235.185.in-addr.arpa udp
US 104.21.83.248:443 stats.webanalyticscounter.com tcp
US 8.8.8.8:53 ezextractpro.s3.amazonaws.com udp
US 52.216.57.41:443 ezextractpro.s3.amazonaws.com tcp
US 52.216.57.41:443 ezextractpro.s3.amazonaws.com tcp
US 8.8.8.8:53 x.urs.microsoft.com udp
GB 172.165.69.228:443 x.urs.microsoft.com tcp
US 8.8.8.8:53 sq-tungsten-ts-eu.amazon-adsystem.com udp
US 8.8.8.8:53 speedtest.net udp
US 8.8.8.8:53 google.com udp
IE 3.254.236.147:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
GB 172.217.169.14:443 google.com tcp
US 151.101.130.219:443 speedtest.net tcp
FR 163.5.194.33:443 prebid.a-mo.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
GB 3.162.20.113:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
GB 3.162.20.40:443 cdn.browsiprod.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.159.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 trk.playstretch.host udp
IE 3.254.236.147:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
IE 54.155.11.60:443 trk.playstretch.host tcp
US 216.239.34.36:443 region1.analytics.google.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 www.speedtest.net udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 127.160.32.52.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 41.57.216.52.in-addr.arpa udp
US 8.8.8.8:53 219.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 147.236.254.3.in-addr.arpa udp
US 8.8.8.8:53 33.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 113.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 19.159.19.104.in-addr.arpa udp
DE 79.127.216.47:443 id.a-mx.com tcp
US 104.17.147.22:443 www.speedtest.net tcp
US 8.8.8.8:53 ai.browsiprod.com udp
US 104.17.147.22:443 www.speedtest.net tcp
US 8.8.8.8:53 sync.a-mo.net udp
GB 3.162.20.8:443 ai.browsiprod.com tcp
GB 142.250.200.36:443 www.google.com tcp
FR 163.5.194.37:443 sync.a-mo.net tcp
US 8.8.8.8:53 sync.kueezrtb.com udp
US 143.244.155.164:443 sync.kueezrtb.com tcp
US 52.32.160.127:443 events.browsiprod.com tcp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 22.147.17.104.in-addr.arpa udp
US 8.8.8.8:53 8.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 37.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 164.155.244.143.in-addr.arpa udp
US 8.8.8.8:53 id.rtb.mx udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 204.62.13.67:443 sync-service.net tcp
US 204.62.13.67:443 sync-service.net tcp
US 204.62.13.67:443 sync-service.net tcp
US 8.8.8.8:53 stun4.l.google.com udp
US 8.8.8.8:53 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 104.16.160.145:443 img.onesignal.com tcp
US 8.8.8.8:53 ezextractinstaller.com udp
US 172.67.181.227:443 ezextractinstaller.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 227.181.67.172.in-addr.arpa udp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
GB 172.217.169.14:443 google.com udp
GB 142.250.200.36:443 www.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 52.216.57.41:443 ezextractpro.s3.amazonaws.com tcp
US 52.216.57.41:443 ezextractpro.s3.amazonaws.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 rtb.primis.tech udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
GB 18.165.160.6:443 rtb.primis.tech tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 169.197.82.18:443 uploadhaven.com tcp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 orhavingartisticta.com udp
US 8.8.8.8:53 www.facebook.com udp
BE 64.233.184.84:443 accounts.google.com udp
US 103.224.212.215:443 jecromaha.info tcp
GB 18.244.140.79:443 ghabovethec.info tcp
GB 143.204.176.76:443 getrunkhomuto.info tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 79.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 loaksandtheir.info udp
US 103.224.212.215:443 jecromaha.info tcp
GB 172.217.16.234:443 ajax.googleapis.com udp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 ezextractpro.s3.amazonaws.com udp
US 52.216.250.196:443 ezextractpro.s3.amazonaws.com tcp
US 52.216.250.196:443 ezextractpro.s3.amazonaws.com tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.14:443 google.com udp
US 8.8.8.8:53 196.250.216.52.in-addr.arpa udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 trk.playstretch.host udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 74.125.250.129:19302 stun3.l.google.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 172.67.181.227:443 ezextractinstaller.com tcp
US 8.8.8.8:53 192.98.74.40.in-addr.arpa udp
US 172.67.181.227:443 ezextractinstaller.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.171:443 r.bing.com tcp
GB 92.123.128.165:443 r.bing.com tcp
US 8.8.8.8:53 171.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 165.128.123.92.in-addr.arpa udp
US 103.224.212.215:443 jecromaha.info tcp
US 52.216.250.196:443 ezextractpro.s3.amazonaws.com tcp
US 52.216.250.196:443 ezextractpro.s3.amazonaws.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4148_IGNIFMNBUWXMMNCU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e995.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5818f2.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

C:\Users\Admin\Downloads\Unconfirmed 26233.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\nsl530F.tmp\NsisPlugin.dll

C:\Users\Admin\AppData\Local\Temp\nsl530F.tmp\INetC.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe

C:\Users\Admin\AppData\Local\Temp\nsl530F.tmp\modern-wizard.bmp

memory/6780-763-0x0000000000ED0000-0x0000000000FAE000-memory.dmp

memory/6780-764-0x000000001BD80000-0x000000001BEC6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\nsl530F.tmp\nsDialogs.dll

C:\Users\Admin\AppData\Local\Temp\nsl530F.tmp\System.dll

memory/6780-781-0x000000001BD30000-0x000000001BD38000-memory.dmp

memory/6780-782-0x0000000021250000-0x0000000021288000-memory.dmp

memory/6780-783-0x000000001BD60000-0x000000001BD6E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/6780-1292-0x00000000016A0000-0x00000000016B2000-memory.dmp

memory/6780-1293-0x00000000017C0000-0x00000000017FC000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Unconfirmed 598058.crdownload:SmartScreen
