Malware Analysis Report

2025-01-23 15:01

Sample ID 240831-rvaj8aybrd
Target http://haxball.com
Tags
antivm discovery motw phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file http://haxball.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm discovery motw phishing

Looks up external IP address via web service

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Reads CPU attributes

Checks CPU configuration

Changes its process name

Reads runtime system information

Writes file to tmp directory

Browser Information Discovery

Enumerates kernel/hardware configuration

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-31 14:30

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-31 14:30

Reported

2024-08-31 14:35

Platform

ubuntu2004-amd64-20240611-en

Max time kernel

300s

Max time network

303s

Command Line

[xdg-open http://haxball.com]

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself glxtest:disk$0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-/usr/libex N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/nautilus N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/class /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/class /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/virtio0/drm/renderD128 /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/glxtest N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/task/1689/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/151 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/dconf-service N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/goa-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/127 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1847/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1856/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/self/fd/90 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/12 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/161 /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1694/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1780/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/149 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-goa-volume-monitor N/A
File opened for reading /proc/1402/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/133 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/32 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/131 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1/cgroup /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /proc/self/fd/108 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/103 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1607/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/84 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/155 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/1597/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd-fuse N/A
File opened for reading /proc/self/fd/94 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1582/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1868/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1410/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A
File opened for modification /tmp/tmpaddon /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open http://haxball.com]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox http://haxball.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox http://haxball.com]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/lib/firefox/glxtest

[/usr/lib/firefox/glxtest -f 13]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {aa628b73-243f-4aa2-833f-cd5e9fa4f321} 1531 true socket]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/libexec/gvfsd

[/usr/libexec/gvfsd]

/usr/libexec/gvfsd-fuse

[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]

/usr/libexec/dconf-service

[/usr/libexec/dconf-service]

/usr/bin/nautilus

[/usr/bin/nautilus --gapplication-service]

/usr/libexec/gvfsd-trash

[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20271 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cddfd6c2-4069-4b2b-9d1d-ff2a69422575} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26979 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {6aa12431-923a-4117-8f4a-05257d557956} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25456 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {dbc34c36-8f2e-4360-a100-5a8bd59d7735} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25597 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cd87feeb-bd27-4749-a598-28427b05dc13} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27888 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {277b3af3-ea11-49a5-9d85-b22a99616e30} 1531 true utility]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 27923 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {1f3b0d01-0d0a-41a3-9e23-cc4d0c86a4f3} 1531 true rdd]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25923 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {5feba030-6d68-48e5-907e-f280fda3feb0} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25923 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {15857568-0909-45c9-8a8f-f37ed831c229} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25923 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {2f035197-4ea1-4185-858a-d445548f7737} 1531 true tab]

/usr/bin/gnome-keyring-daemon

[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]

/usr/libexec/gvfs-udisks2-volume-monitor

[/usr/libexec/gvfs-udisks2-volume-monitor]

/usr/libexec/gvfs-afc-volume-monitor

[/usr/libexec/gvfs-afc-volume-monitor]

/usr/libexec/gvfs-mtp-volume-monitor

[/usr/libexec/gvfs-mtp-volume-monitor]

/usr/libexec/gvfs-gphoto2-volume-monitor

[/usr/libexec/gvfs-gphoto2-volume-monitor]

/usr/libexec/gvfs-goa-volume-monitor

[/usr/libexec/gvfs-goa-volume-monitor]

/usr/libexec/goa-daemon

[/usr/libexec/goa-daemon]

/usr/libexec/goa-identity-service

[/usr/libexec/goa-identity-service]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 31701 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {adb65f29-a74c-4526-a652-048a7979ba33} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 29086 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c3a9cc1e-28a0-4952-8b8e-a8c322ee09ca} 1531 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 29086 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {e06d95fc-beba-44f2-9237-9d4c514efcbe} 1531 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 haxball.com udp
US 1.1.1.1:53 haxball.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 104.21.32.203:80 haxball.com tcp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 www.haxball.com udp
US 1.1.1.1:53 www.haxball.com udp
US 104.21.32.203:80 www.haxball.com tcp
US 1.1.1.1:53 www.haxball.com udp
US 172.67.187.117:443 www.haxball.com tcp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 172.67.187.117:443 www.haxball.com udp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
GB 172.217.16.238:443 www.youtube.com udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 static.doubleclick.net udp
US 1.1.1.1:53 static.doubleclick.net udp
GB 142.250.187.198:443 static.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 142.250.187.198:443 static.doubleclick.net udp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 1.1.1.1:53 yt3.ggpht.com udp
US 1.1.1.1:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 play.google.com udp
US 1.1.1.1:53 play.google.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 216.58.204.78:443 play.google.com tcp
GB 216.58.204.78:443 play.google.com tcp
GB 216.58.204.78:443 play.google.com udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 172.67.187.117:443 www.haxball.com tcp
US 1.1.1.1:53 www.haxball.com udp
US 1.1.1.1:53 server.cpmstar.com udp
US 1.1.1.1:53 server.cpmstar.com udp
US 131.153.171.235:443 server.cpmstar.com tcp
US 1.1.1.1:53 ssl.cdne.cpmstar.com udp
US 1.1.1.1:53 ssl.cdne.cpmstar.com udp
US 1.1.1.1:53 cs2154.wpc.alphacdn.net udp
US 152.199.21.117:443 ssl.cdne.cpmstar.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 stun.l.google.com udp
US 1.1.1.1:53 p2p.haxball.com udp
US 1.1.1.1:53 p2p.haxball.com udp
US 1.1.1.1:53 p2p.haxball.com udp
US 74.125.250.129:19302 stun.l.google.com udp
US 172.67.187.117:443 p2p.haxball.com tcp
BA 62.113.18.121:60167 udp
US 74.125.250.129:19302 stun.l.google.com udp
US 1.1.1.1:53 p2p.haxball.com udp
US 172.67.187.117:443 p2p.haxball.com tcp
US 172.67.187.117:443 p2p.haxball.com tcp
BA 62.113.18.121:60582 udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.98:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp
GB 143.204.72.186:443 www.mozilla.org tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 1.1.1.1:53 whatismyipaddress.com udp
US 1.1.1.1:53 whatismyipaddress.com udp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.223.79:80 whatismyipaddress.com tcp
US 104.19.222.79:443 whatismyipaddress.com tcp
US 104.19.222.79:443 whatismyipaddress.com udp
US 1.1.1.1:53 ds6.whatismyipaddress.com udp
US 1.1.1.1:53 ds6.whatismyipaddress.com udp
US 1.1.1.1:53 app.fusebox.fm udp
US 1.1.1.1:53 a.omappapi.com udp
US 1.1.1.1:53 a.omappapi.com udp
US 1.1.1.1:53 app.fusebox.fm udp
GB 143.244.38.136:443 a.omappapi.com tcp
US 1.1.1.1:53 cmp.inmobi.com udp
US 1.1.1.1:53 cmp.inmobi.com udp
US 1.1.1.1:53 a.pub.network udp
US 1.1.1.1:53 a.pub.network udp
US 104.18.21.206:443 a.pub.network tcp
US 104.18.21.206:443 a.pub.network udp
US 1.1.1.1:53 maps.whatismyipaddress.info udp
US 1.1.1.1:53 maps.whatismyipaddress.info udp
US 1.1.1.1:53 d.pub.network udp
US 1.1.1.1:53 d.pub.network udp
US 104.26.13.133:443 app.fusebox.fm tcp
US 104.26.13.133:443 app.fusebox.fm udp
US 1.1.1.1:53 api.omappapi.com udp
US 1.1.1.1:53 api.omappapi.com udp
US 172.66.42.248:443 api.omappapi.com tcp
US 104.26.13.133:443 app.fusebox.fm udp
US 104.26.13.133:443 app.fusebox.fm tcp
US 1.1.1.1:53 onesignal.com udp
US 1.1.1.1:53 onesignal.com udp
US 104.26.13.133:443 app.fusebox.fm tcp
US 104.16.160.145:443 onesignal.com tcp
US 104.16.160.145:443 onesignal.com udp
US 1.1.1.1:53 static.libsyn.com udp
US 1.1.1.1:53 static.libsyn.com udp
GB 18.165.242.34:443 static.libsyn.com tcp
US 1.1.1.1:53 region1.analytics.google.com udp
US 1.1.1.1:53 stats.g.doubleclick.net udp
US 1.1.1.1:53 stats.g.doubleclick.net udp
US 1.1.1.1:53 region1.analytics.google.com udp
US 1.1.1.1:53 www.google.co.uk udp
US 1.1.1.1:53 www.google.co.uk udp
BE 142.250.110.157:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.187.195:443 www.google.co.uk tcp
US 1.1.1.1:53 cmp-prod.inmobi-choice.io udp
GB 18.244.114.32:443 cmp.inmobi.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.195:443 www.google.co.uk udp
BE 142.250.110.157:443 stats.g.doubleclick.net udp
US 104.26.5.215:443 maps.whatismyipaddress.info tcp
US 104.26.5.215:443 maps.whatismyipaddress.info tcp
US 104.26.5.215:443 maps.whatismyipaddress.info tcp
US 104.26.5.215:443 maps.whatismyipaddress.info tcp
US 1.1.1.1:53 cdn.whatismyipaddress.com udp
US 1.1.1.1:53 cdn.whatismyipaddress.com udp
US 104.19.222.79:443 cdn.whatismyipaddress.com tcp
US 1.1.1.1:53 api.cmp.inmobi.com udp
US 1.1.1.1:53 d.pub.network udp
US 1.1.1.1:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 34.160.152.31:443 d.pub.network tcp
US 104.19.222.79:443 cdn.whatismyipaddress.com udp
DE 3.124.222.217:443 api.cmp.inmobi.com tcp
US 34.160.152.31:443 d.pub.network udp
US 1.1.1.1:53 sb.scorecardresearch.com udp
US 1.1.1.1:53 sb.scorecardresearch.com udp
US 1.1.1.1:53 optimise.net udp
US 1.1.1.1:53 optimise.net udp
GB 18.165.242.4:443 sb.scorecardresearch.com tcp
US 34.111.152.239:443 optimise.net tcp
US 34.111.152.239:443 optimise.net tcp
US 34.111.152.239:443 optimise.net udp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 1.1.1.1:53 cdn.confiant-integrations.net udp
US 1.1.1.1:53 cdn.confiant-integrations.net udp
US 1.1.1.1:53 freestar-io.videoplayerhub.com udp
US 172.64.144.166:443 cdn.confiant-integrations.net tcp
US 1.1.1.1:53 freestar-io.videoplayerhub.com udp
US 172.67.74.207:443 freestar-io.videoplayerhub.com tcp
US 172.64.144.166:443 cdn.confiant-integrations.net udp
US 1.1.1.1:53 btloader.com udp
US 1.1.1.1:53 btloader.com udp
US 104.22.75.216:443 btloader.com tcp
US 104.22.75.216:443 btloader.com tcp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp

Files

/root/.cache/dconf/user

MD5 c4103f122d27677c9db144cae1394a66
SHA1 1489f923c4dca729178b3e3233458550d8dddf29
SHA256 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA512 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

/tmp/tmpaddon

MD5 30082ae40dc48af6343db2fd22cfc645
SHA1 3eb577555ee638e8beb01173e8f29e172747a728
SHA256 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76
SHA512 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-31 14:30

Reported

2024-08-31 14:35

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

141s

Max time network

301s

Command Line

[xdg-open http://haxball.com]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/module/apparmor/parameters/enabled /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/1559/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/1575/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/1554/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/1559/attr/apparmor/current /usr/bin/dbus-daemon N/A

Processes

/usr/bin/xdg-open

[xdg-open http://haxball.com]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox http://haxball.com]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.55:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 1.1.1.1:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 1.1.1.1:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 91.189.91.42:443 canonical-bos01.cdn.snapcraftcontent.com tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.59:443 api.snapcraft.io tcp
US 1.1.1.1:53 canonical-lgw01.cdn.snapcraftcontent.com udp
US 1.1.1.1:53 canonical-lgw01.cdn.snapcraftcontent.com udp
GB 185.125.190.26:443 canonical-lgw01.cdn.snapcraftcontent.com tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.55:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.55:443 api.snapcraft.io tcp
GB 185.125.188.55:443 api.snapcraft.io tcp
US 1.1.1.1:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 1.1.1.1:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.55:443 api.snapcraft.io tcp
US 1.1.1.1:53 canonical-lgw01.cdn.snapcraftcontent.com udp
GB 185.125.190.27:443 canonical-lgw01.cdn.snapcraftcontent.com tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 1.1.1.1:53 canonical-lgw01.cdn.snapcraftcontent.com udp
GB 185.125.190.28:443 canonical-lgw01.cdn.snapcraftcontent.com tcp
US 8.8.8.8:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 8.8.8.8:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 91.189.91.43:443 canonical-bos01.cdn.snapcraftcontent.com tcp
US 91.189.91.43:443 canonical-bos01.cdn.snapcraftcontent.com tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp

Files

/root/.dbus/session-bus/f2de92a803c744e586bd87567a26b68a-0

MD5 9581d30e60718b15782e781b683791bb
SHA1 31809168b531b7e055d6aa1e3911b359af642391
SHA256 e8a29907a7f89d84f23ce27d1e6116f913eb5351ce0b9b5f4117c73bea706332
SHA512 177b8e15b6c4e4dedf7c34254d0bee493cb67a2de1bd29c416d921191b8542764a7e7fdf98dc5a663eb980aa8f67b7fd5406fc7f071f61161ee81d46ed259a3c

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-31 14:30

Reported

2024-08-31 14:35

Platform

win11-20240802-en

Max time kernel

297s

Max time network

301s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://haxball.com

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{A8E4A36E-4C01-4752-8EBB-06CA644EC962} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4736 wrote to memory of 1556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://haxball.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa16b83cb8,0x7ffa16b83cc8,0x7ffa16b83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 haxball.com udp
US 172.67.187.117:80 p2p.haxball.com tcp
US 172.67.187.117:80 p2p.haxball.com tcp
US 172.67.187.117:80 p2p.haxball.com tcp
US 172.67.187.117:443 p2p.haxball.com tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com tcp
GB 142.250.178.6:443 static.doubleclick.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.200.10:443 jnn-pa.googleapis.com udp
GB 142.250.180.1:443 yt3.ggpht.com udp
US 131.153.170.213:443 server.cpmstar.com tcp
US 8.8.8.8:53 213.170.153.131.in-addr.arpa udp
US 152.199.21.117:443 ssl.cdne.cpmstar.com tcp
N/A 224.0.0.251:5353 udp
US 131.153.170.213:443 server.cpmstar.com tcp
US 131.153.170.213:443 server.cpmstar.com tcp
US 74.125.250.129:19302 stun.l.google.com udp
US 104.21.32.203:443 p2p.haxball.com tcp
US 131.153.170.213:443 server.cpmstar.com tcp
US 131.153.170.213:443 server.cpmstar.com tcp
US 131.153.170.213:443 server.cpmstar.com tcp
US 74.125.250.129:19302 stun.l.google.com udp
US 104.21.32.203:443 p2p.haxball.com tcp
BA 62.113.18.121:63136 udp
US 74.125.250.129:19302 stun.l.google.com udp
US 104.21.32.203:443 p2p.haxball.com tcp
BA 62.113.18.121:64741 udp
GB 88.221.135.1:443 www.bing.com tcp
GB 88.221.135.1:443 www.bing.com tcp
GB 88.221.135.1:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.182:443 th.bing.com tcp
GB 95.101.143.193:443 th.bing.com tcp
GB 95.101.143.193:443 th.bing.com tcp
GB 95.101.143.182:443 th.bing.com tcp
US 188.114.97.0:443 www.pyproxy.com tcp
US 188.114.97.0:443 www.pyproxy.com tcp
US 188.114.97.0:443 www.pyproxy.com tcp
GB 88.221.135.104:80 apps.identrust.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 13.107.5.80:443 services.bingapis.com tcp
US 104.21.6.185:443 papi.pyproxy.com tcp
US 104.21.6.185:443 papi.pyproxy.com tcp
US 104.21.6.185:443 papi.pyproxy.com tcp
US 104.21.6.185:443 papi.pyproxy.com tcp
US 104.21.6.185:443 papi.pyproxy.com tcp
US 104.21.6.185:443 papi.pyproxy.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 104.19.222.79:443 whatismyipaddress.com tcp
US 104.19.222.79:443 whatismyipaddress.com tcp
US 8.8.8.8:53 a.pub.network udp
US 104.26.13.133:443 app.fusebox.fm tcp
GB 79.127.237.132:443 a.omappapi.com tcp
DE 3.160.150.117:443 cmp.inmobi.com tcp
US 104.18.20.206:443 a.pub.network tcp
US 104.26.5.215:443 maps.whatismyipaddress.info tcp
US 8.8.8.8:53 optimise.net udp
US 104.26.5.215:443 maps.whatismyipaddress.info tcp
US 8.8.8.8:53 d.pub.network udp
US 34.160.128.112:443 api.floors.dev tcp
US 34.111.152.239:443 optimise.net tcp
US 34.160.152.31:443 d.pub.network tcp
US 104.26.13.133:443 app.fusebox.fm tcp
US 172.66.42.248:443 api.omappapi.com tcp
US 8.8.8.8:53 223.111.17.104.in-addr.arpa udp
US 8.8.8.8:53 206.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 117.150.160.3.in-addr.arpa udp
US 8.8.8.8:53 215.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 112.128.160.34.in-addr.arpa udp
US 8.8.8.8:53 239.152.111.34.in-addr.arpa udp
US 8.8.8.8:53 31.152.160.34.in-addr.arpa udp
US 8.8.8.8:53 248.42.66.172.in-addr.arpa udp
DE 18.245.60.24:443 static.libsyn.com tcp
DE 3.124.222.217:443 api.cmp.inmobi.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 173.194.76.155:443 stats.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 173.194.76.155:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 34.111.152.239:443 optimise.net tcp
DE 18.244.18.27:443 sb.scorecardresearch.com tcp
US 34.111.152.239:443 optimise.net udp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
US 172.67.74.207:443 freestar-io.videoplayerhub.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net tcp
US 104.22.75.216:443 btloader.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
US 34.160.152.31:443 c.pub.network tcp
US 34.160.152.31:443 c.pub.network udp
US 8.8.8.8:53 live.primis.tech udp
US 52.43.253.87:443 pb-rtd.ccgateway.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.83:443 id5-sync.com tcp
DE 162.19.138.83:443 id5-sync.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 104.22.5.69:443 p.ad.gt tcp
DE 13.224.186.120:443 c.amazon-adsystem.com tcp
US 104.22.75.216:443 btloader.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 54.184.54.14:443 pb-rtd.ccgateway.net tcp
DE 13.32.99.81:443 live.primis.tech tcp
US 104.22.5.69:443 p.ad.gt tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
DE 91.228.74.159:443 secure.quantserve.com tcp
US 52.43.253.87:443 pb-rtd.ccgateway.net tcp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 34.107.140.113:443 s2s.t13.io tcp
US 34.107.140.113:443 s2s.t13.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 95.100.245.39:443 a.teads.tv tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 91.228.74.159:443 secure.quantserve.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 54.184.54.14:443 pb-rtd.ccgateway.net tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 104.18.41.106:443 ex.ingage.tech tcp
US 104.18.41.106:443 ex.ingage.tech tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 52.222.236.48:443 hb.yellowblue.io tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 52.222.236.48:443 hb.yellowblue.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 18.66.147.28:80 crt.rootg2.amazontrust.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 34.149.50.64:443 s.seedtag.com tcp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 120.186.224.13.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 87.253.43.52.in-addr.arpa udp
US 8.8.8.8:53 81.99.32.13.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 14.54.184.54.in-addr.arpa udp
US 8.8.8.8:53 113.140.107.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 39.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 106.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 48.236.222.52.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 64.50.149.34.in-addr.arpa udp
DE 18.184.119.72:443 match.sharethrough.com tcp
DE 18.66.102.121:443 rules.quantcount.com tcp
US 104.22.5.69:443 p.ad.gt tcp
DE 18.245.31.92:443 config.aps.amazon-adsystem.com tcp
DE 13.33.173.196:443 aax.amazon-adsystem.com tcp
DE 13.33.173.196:443 aax.amazon-adsystem.com tcp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
GB 142.250.179.225:443 65eb1230bce850097580fb30dd017f9e.safeframe.googlesyndication.com tcp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
DE 65.9.66.97:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 104.18.41.106:443 ex.ingage.tech tcp
US 34.215.110.219:443 ids.ad.gt tcp
US 34.215.110.219:443 ids.ad.gt tcp
US 104.18.41.106:443 ex.ingage.tech tcp
NL 185.89.210.82:443 secure.adnxs.com tcp
US 104.22.4.69:443 p.ad.gt tcp
US 34.149.50.64:443 s.seedtag.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 104.22.4.69:443 p.ad.gt tcp
US 34.215.110.219:443 ids.ad.gt tcp
GB 95.100.244.20:443 contextual.media.net tcp
GB 2.20.12.75:443 acdn.adnxs.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 34.215.110.219:443 ids.ad.gt tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 104.16.186.87:443 cs.seedtag.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
IE 54.171.4.236:443 bcp.crwdcntrl.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 ads.us.e-planning.net udp
GB 2.22.101.110:443 secure-assets.rubiconproject.com tcp
GB 88.221.134.186:443 csync.smartadserver.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 ad.360yield.com udp
NL 89.149.192.201:443 sync.smartadserver.com tcp
NL 89.149.192.201:443 sync.smartadserver.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
IE 34.253.18.218:443 match.prod.bidr.io tcp
NL 35.214.249.215:443 csync.loopme.me tcp
DE 138.201.8.249:443 sync.richaudience.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 35.214.249.215:443 csync.loopme.me tcp
IE 34.253.18.218:443 match.prod.bidr.io tcp
NL 89.149.192.201:443 sync.smartadserver.com tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
US 35.244.159.8:443 u.openx.net tcp
US 50.31.142.127:443 b1sync.zemanta.com tcp
IE 63.35.89.195:443 ad.360yield.com tcp
DK 37.157.6.237:443 cm.adform.net tcp
IE 63.32.32.33:443 ap.lijit.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 97.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 219.110.215.34.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 20.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 75.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 87.186.16.104.in-addr.arpa udp
US 8.8.8.8:53 74.122.95.52.in-addr.arpa udp
US 8.8.8.8:53 236.4.171.54.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 28.147.66.18.in-addr.arpa udp
US 50.31.142.127:443 b1sync.zemanta.com tcp
IE 63.35.89.195:443 ad.360yield.com tcp
DK 37.157.6.237:443 cm.adform.net tcp
IE 63.32.32.33:443 ap.lijit.com tcp
US 35.244.159.8:443 u.openx.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 104.22.4.69:443 pixels.ad.gt tcp
IE 54.217.175.130:443 ads.yieldmo.com tcp
GB 88.221.134.19:443 cdn.doubleverify.com tcp
IE 52.214.83.88:443 tracker.yougov.com tcp
IE 54.171.188.18:443 pixel.adsafeprotected.com tcp
DE 18.66.102.32:443 cdn.browsiprod.com tcp
IE 54.77.218.202:443 aam.a47b.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 34.107.140.113:443 s2s.t13.io udp
GB 88.221.134.19:443 cdn.doubleverify.com tcp
IE 54.171.188.18:443 pixel.adsafeprotected.com tcp
IE 54.77.218.202:443 aam.a47b.com tcp
US 35.244.159.8:443 u.openx.net udp
GB 88.221.134.19:443 cdn.doubleverify.com tcp
IE 52.214.83.88:443 tracker.yougov.com tcp
DE 65.9.66.14:443 yield-manager.browsiprod.com tcp
US 54.244.255.127:443 events.browsiprod.com tcp
US 104.22.4.69:443 pixels.ad.gt tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 218.18.253.34.in-addr.arpa udp
US 8.8.8.8:53 201.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 195.89.35.63.in-addr.arpa udp
US 8.8.8.8:53 33.32.32.63.in-addr.arpa udp
US 8.8.8.8:53 237.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 127.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 130.175.217.54.in-addr.arpa udp
US 8.8.8.8:53 19.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.83.214.52.in-addr.arpa udp
US 8.8.8.8:53 18.188.171.54.in-addr.arpa udp
US 8.8.8.8:53 202.218.77.54.in-addr.arpa udp
US 8.8.8.8:53 32.102.66.18.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
NL 69.173.156.130:443 beacon-ams3.rubiconproject.com tcp
IE 108.128.174.19:443 protected-by.clarium.io tcp
NL 89.149.192.201:443 sync.smartadserver.com tcp
US 54.244.255.127:443 events.browsiprod.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
DE 18.66.102.32:443 cdn.browsiprod.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
DE 18.66.112.74:443 ai.browsiprod.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
GB 52.84.90.35:443 static.adsafeprotected.com tcp
DE 13.225.78.123:443 cdn.pathtosuccess.global tcp
US 3.220.24.218:443 cs-server-s2s.yellowblue.io tcp
NL 185.172.149.104:443 ajs.a47b.com tcp
DE 13.225.78.123:443 cdn.pathtosuccess.global tcp
NL 185.172.149.104:443 ajs.a47b.com tcp
NL 35.214.249.215:443 csync.loopme.me tcp
US 8.8.8.8:53 sync.kueezrtb.com udp
US 8.8.8.8:53 14.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 249.8.201.138.in-addr.arpa udp
US 8.8.8.8:53 130.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 127.255.244.54.in-addr.arpa udp
US 8.8.8.8:53 19.174.128.108.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 74.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 35.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 123.78.225.13.in-addr.arpa udp
GB 172.217.16.226:443 pubads.g.doubleclick.net tcp
US 159.223.96.127:443 sync.kueezrtb.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 3.215.58.153:443 mb9eo.publishers.tremorhub.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
FR 91.134.110.132:443 ssbsync.smartadserver.com tcp
FR 91.134.110.132:443 ssbsync.smartadserver.com tcp
NL 35.214.249.215:443 csync.loopme.me tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 3.215.58.153:443 mb9eo.publishers.tremorhub.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
FR 91.134.110.132:443 ssbsync.smartadserver.com tcp
US 159.223.96.127:443 sync.kueezrtb.com tcp
GB 172.217.16.226:443 pubads.g.doubleclick.net udp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 35.71.170.66:443 direct.adsrvr.org tcp
US 18.210.65.35:443 dt.adsafeprotected.com tcp
US 18.210.65.35:443 dt.adsafeprotected.com tcp
US 18.210.65.35:443 dt.adsafeprotected.com tcp
US 18.210.65.35:443 dt.adsafeprotected.com tcp
US 18.210.65.35:443 dt.adsafeprotected.com tcp
US 18.210.65.35:443 dt.adsafeprotected.com tcp
GB 88.221.134.186:443 csync.smartadserver.com tcp
US 8.8.8.8:53 66.170.71.35.in-addr.arpa udp
US 8.8.8.8:53 35.65.210.18.in-addr.arpa udp
GB 88.221.134.225:443 ced-ns.sascdn.com tcp
DE 18.245.46.117:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 34.160.152.31:443 c.pub.network udp
DE 18.245.46.117:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.43.93:443 gum.aidemsrv.com tcp
US 34.160.152.31:443 c.pub.network udp
GB 2.20.12.70:443 player.aniview.com tcp
DE 51.89.9.254:443 onetag-sys.com udp
US 50.31.142.127:443 b1sync.zemanta.com tcp
US 34.237.74.196:443 api-2-0.spot.im tcp
US 172.111.38.111:443 tracker.open-adsyield.com tcp
IE 54.171.130.238:443 jadserve.postrelease.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
US 54.172.114.232:443 sync.srv.stackadapt.com tcp
US 34.237.74.196:443 api-2-0.spot.im tcp
US 54.172.114.232:443 sync.srv.stackadapt.com tcp
US 172.111.38.111:443 tracker.open-adsyield.com tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
DK 37.157.4.29:443 c1.adform.net tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 70.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 93.43.17.104.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 238.130.171.54.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 232.114.172.54.in-addr.arpa udp
US 8.8.8.8:53 usermatch.krxd.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
FR 149.202.238.105:443 rtb-csync.smartadserver.com tcp
US 104.22.50.98:443 spl.zeotap.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 98.50.22.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 104.16.160.145:443 img.onesignal.com tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 34.160.128.112:443 api.floors.dev tcp
US 34.160.128.112:443 api.floors.dev tcp
US 34.160.128.112:443 api.floors.dev udp
US 34.111.152.239:443 optimise.net udp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 35.227.252.103:443 rtb.openx.net udp
US 34.111.152.239:443 optimise.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 54.184.54.14:443 pb-rtd.ccgateway.net tcp
GB 2.18.109.60:443 widgets.outbrain.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
GB 95.100.245.166:443 tcheck.outbrainimg.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 151.101.130.132:443 mv.outbrain.com tcp
US 50.31.142.63:443 log.outbrainimg.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 50.31.142.63:443 log.outbrainimg.com tcp
US 50.31.142.95:443 mcdp-chidc2.outbrain.com tcp
GB 95.100.245.166:443 tcheck.outbrainimg.com tcp
US 50.31.142.31:443 sync.outbrain.com tcp
US 50.31.142.63:443 log.outbrainimg.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
GB 173.194.76.155:443 stats.g.doubleclick.net udp
US 54.244.255.127:443 events.browsiprod.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 228fefc98d7fb5b4e27c6abab1de7207
SHA1 ada493791316e154a906ec2c83c412adf3a7061a
SHA256 448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2
SHA512 fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 026e0c65239e15ba609a874aeac2dc33
SHA1 a75e1622bc647ab73ab3bb2809872c2730dcf2df
SHA256 593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292
SHA512 9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

\??\pipe\LOCAL\crashpad_4736_USOPKPZOBCIDFKKV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5727110c5b0b000c892c08284a77d9de
SHA1 6134b8acebba724b1296ab788d4a9740872b9fe7
SHA256 31acbd2a154cb97509a1e7b525bc618c23b7d8bc364d99fc0b86e20de1e4349d
SHA512 31e21361dc2dbb5678722d5ad2703534fdb3135d74235f12fa3dacb8dc367f832a80614379de002e221c646fdb62f205ac91f7268896b0c1e08576bbce8dcde5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 652fe6581195b310b7838164403cf9a6
SHA1 49912ec4a753fd8384de4073bb8533c440d5f131
SHA256 719b18db35888f9b0b24dc5dff3736325e3229dee3b521c4e3cb914a11b63c18
SHA512 88cb1f9ccbe98f1430ab3f8cd52aec4d5d50c24f102235151f14e0fceaae100a747c1852bb8b8e7cb17ccbca2fde6d492c85f9f9898ef4aa3b1bc7893457542d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1a651e84eea3015a2b77da532eae6602
SHA1 2f11656a2a0c651a085f55692453828850208975
SHA256 a65ccc138a488ac8f6953a0090da24f95fce432e46f6d18c20132f9926e7c728
SHA512 04895b4a2cee0acb96606bc23c17e9b904c505bd0b11cda227d82b524c855b3dd2c02e6bd2817e7bb53a2deda0cea36228230e0117575cd749c55710f26c63a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8208a39de76c65339b7bcaecbee6130d
SHA1 1d0071ce2fd4e1589de9f1e5d217fe00ab7b2937
SHA256 ed31053801ffa7c280681f12186ad4fb47d950a1e8ef2e5cbc2d24627818e9f9
SHA512 2a0150fa90fd5a6d93f668c3f6ac24c07340a8554df8db9f14d6991e185c6f170dc3faddb807346f9fee32cdcf25584a5bb609028d812a990674496d190db849

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 bb37c11fdbc0465fe82618b8c25f513c
SHA1 55194601861bebb24419499a86956b0ca371e59d
SHA256 5e0ee43b3e4b3491b311ebec57eb8241568f6cf17be529e4d8947176c2bb5e6f
SHA512 caf0a84c14837d85b52c8d743312c2b421a4121b9d5305e51ba3428ebf28ba8ea73ab9badb8dc9555d8f9b8f8ecbc72ec070e64d33c41602a0e56df39d8e6444

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 802ae7e2cb0164a8cc30d3541d644864
SHA1 0558cc140800e0d434a3129307e24f3174d6adca
SHA256 d9e22cabba219278072c644457eca1d33c26f690a493bb84cbdd127462960632
SHA512 6e208718652536d38edd2d8372a2fa215a26d95eaee9c81e85e92003e14324b9ba9bcb6f0a812d8c66f5fc7341fc4b5daf32a7a8fc6068f4a6558dcd3c25bf66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a8c5ff5cbd172fb0fc6bcdea472ba47d
SHA1 d84894a7f486cf62ec40e3ebb324f08e5664be75
SHA256 b3b9d66887b006f94ddcf9d644406c5e1f409924707b557ae1b885ab6ee28d2b
SHA512 809c3d55e51ebb1fd89ce8ae2ec00f546e81a1be9ca80e7d48700dc902a6cd9bcf95bdd810c5a4c0fbe7b19e9dde928aba55b1ccc38d03260e24a17b8e61240b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d0d8bf8592fc0eddc13d36164a7b0b88
SHA1 a192eb263ae1e3ef56c6618c1eecfa21bff6c60f
SHA256 bdb47fcc37fedd9f0ddb5a7a2775ee754473321e21306536bac8da2aae116351
SHA512 91e5cff8dc6f887d3ebd4510fe48edef2364c0461b67ebbaaf6c8c08ff23d3239ce8e8c62a1a6be4227ad2e05943ffc7dbf5706f3d7e44b6b93f7f7b25cb655b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cb4b44401402646e051ccb3476d36bdd
SHA1 473946bb592dc933b38457b143aa1476f2eac39a
SHA256 6d41f49fadb5e24e72257479f894d2ff8e786345d9eb0cb52f8e124639550be1
SHA512 0d90f66d9c43bd599187d7cef1330f124cf58d0207c0e1f24a439305f7fd1ed85220381db1677c3dc29242e2f13187806c56b816db53410fbcd9b8c2e68c1aea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eef20ad49e1b7187bae0ac8b086bae0c
SHA1 bdec758fcc123e5d8888284a40f37f3b23f054f0
SHA256 0c1e96bb71b52ed3f8030b0ec8b8b79be1ecf576fb624d8344543cc148d6a6e4
SHA512 142bf04db517d9c5a7a80107b69e8e2d26b951997962f603d7c9279ee505f0307d09a436dce18806292b828f64709cdab66ef5befc5e811c31af24cc61f730c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e9ca.TMP

MD5 61a71336b6581fea83ef8c7c729af3bb
SHA1 ba2dda7832610933b0ac8513e62375800544cab6
SHA256 72f287a344f15659c3e738e7785d9fc93bcd585777c94adfb69f4425600e3ee2
SHA512 ac46d5fadb9cbf27e5da74bdb53fea42d5baf7e92cf8796ba6c1c2d926357fac386e1fd175aab48aeba011cee6a0f1bde50e5b0e40772fb3f8176455af9052ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3955a226b79459d794cde96297780bf0
SHA1 c7b7c74137531b58414bdfd54b2b4ec6e7f70597
SHA256 d5a2c251eba80a998efd9ac0c3b6c147c040b244ca4dd2aa51c6e5b941818832
SHA512 56dd3472ce6c859376d2be04e016f338ec6a180e7b4417f9bef78ecc68405586ae555cf6b784e2732a0dde8182bf3f98b3a7d816dcd5bb315f75f10290f4380a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a264cd3c270ac91c64f06eec415bceb
SHA1 98bf607a2e5d99e262edf69aa787b5bf7fea7bc0
SHA256 1493fa2944d21d0bf452a03c576dd38068ae1ac6f99c295aecab374ddbe04000
SHA512 9b163db1cc7e477af455e8b6a5d4bf2b0385f2c4ea25f22af7501ca426926c3f5de6291703de73565c5ac9f0904a6dfb740ce2d98faad41aed485862ee506f88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

MD5 a2b03561cabc0d346e9a6be3f5b11b5e
SHA1 ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b
SHA256 09588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1
SHA512 3602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ace7e10dc5d5741b7b71fa5630f0b68a
SHA1 d8963ab7e86221d21181fdcbd7982c50582d05cc
SHA256 cac43bdc654639d88eeb2d5e9a4aa2c8ff3f5c8450202ed8584623b8fcfa2cc7
SHA512 c8e66fa225b534ade98cdd4bccee297d3ade36761c90847e48972ee19bb02f6f1de925cb34a6b57ae7b5652c21a7e2c9086bff39f9eeb6ce3d187ecd820234ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 956c46ebcb36cb8407b6b0b7e883fcc0
SHA1 5b591f3ac4b8b35d7be9a1e2ab9577b9f57f1053
SHA256 ac1e3068940533b537027659402a0abc601fe1bc5ca36cee057a06d90f2de76e
SHA512 c72c4ff39d789414fdd9dee3a63d10cac219a0b06abaf5b4b404036bcdef60acfd6473b00f3a7857e5a817caf50aff4a8cc3a83f609e35d9710cb02288465405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 99b2f716285f104031d6eb4a4fc2d4be
SHA1 17ac45a5485c81f4d78d2e8f0ed3909e40743abe
SHA256 04551e97506c17becdd1b33a0923c6574244c907c4527681cea2aa6a1d97c47a
SHA512 18bf453f2727b4680ddb726e4c72ba3b1687b40f25d5a074588c872c7db8360993ada275f6808cbeffee2115958c8e8c75ca99acfe70f4a194aa219a67a5bd99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e4dc4406497794c18afd1725cb31ebd3
SHA1 3e8e148b4ddcc36100437cf097201cdab90c293e
SHA256 bca8dfd7f8c1e489673fc4490e0333462d76b5394072604de75587d75dd50eef
SHA512 4b7e44692472befc9f55055d3bf88386058b0374d2b81023a57b88caf99acd0aeeffd3655e2154c72334cf18df226bc8445155b9bef1af54247e7ebea9b6b81a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

MD5 e81f849d22f556e1c55cbe982083221c
SHA1 5855dc7b3f8d5fc5de7ec52e32b3f910935573bb
SHA256 097b460749be89ca000ac3e9969d9876a3121f1a7356de857427c62634c8e5c4
SHA512 3af35f7ded0591afa5dee60f5aa9cfd63b8878c274a8d95b1ee650b387b4216e3a91c2da8374b5db2cd7c357f30971d74a994f24f720bd37a194b917e2723312

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

MD5 dda00247b36a9df775cb31aa96e96e53
SHA1 36721b000add52f63c79d0c7fa4dec52e9fe8d3f
SHA256 ba3097e039df81936d53218f598269278e54e63df9ab308bda2b4dbbf5cda1b5
SHA512 0c598f73153722a18f8720d7473d03bd958d7bdd0316a4c7fe617efaac52690af8ca4d40b33814041a6e9eebfd6ef685b24713e186024af7508c6e3103c6fded

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 72fc5c497f184cef47447e9910ff476c
SHA1 13a7e35da0ed90d697f864c3f4caf370899a5a41
SHA256 3701e82529677b60272a2f59cb5df82de1b508eb579eecfc566cf4056e9d72fc
SHA512 5b8641de3e4fcb5e0dd4d4c3bb3aa0f731d224252767f97d692aedd050ca2cf20be681e453daf40a0a77bf2f40c6c859232070e75975aa2baa194ad2724535ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 34cb984d29786586e74fd2432bf0f742
SHA1 f7918b4dc204bbdf49564e5d6ac0e6ad3afba659
SHA256 20694838061b3dde4b099cb4dabafd4f3327a81197ff2b028ece91cb711e6701
SHA512 06513c3005518284f21382f94276c7ad3d553ced64908f5107628388ed5020674598d6bbe857897d80a5f5c9390a2abbe12e966af449235542fb8388a804b230

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9089c5095b3652de802473b664e4dde3
SHA1 b8d5159dd89ebb0f756f9b830331dba8e5f9b0b7
SHA256 a108ae19ee95045a05764bb3b9bd89f3ed06a4a89d4f9b16772391bac9f5a80f
SHA512 13356c4ea217c6d04957a5546e9df75867c3eca02c67a279f5adf14979320f1793bfde35c25123be06957bd1019c330415f7eb9eeef86106eb5b36ea0f2a9d41

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 79dc76c19d68c431ced16379545803fd
SHA1 0b0ec9c82b23ae5b078a59800289eb2d29a79c48
SHA256 297959f4a97e1dc355dd6028f85bafa7a850dd7462d8857cd8f54b24b4db57e4
SHA512 28dde3eaf638d8429fb21f229a5873f0d5ca6f5ed601ed69e0fa03f0d41034aa16373cce4d3f7520ee7186a5edc526bee51fd999ecff88b4394b05d187055a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f1494f995fd36198dc8a76447bd860d2
SHA1 175ed880a79bb84ec30f0e9615410b37e25f8981
SHA256 2f9ca8cc476704d4a40493cca7916c8a5a8dadd97803d4c956b8fecb3ac31a81
SHA512 22d108502c2166febf7baaec8351a5082a07420810bdc52d5ce93db20e44121b967a7656fe2dd30069c4367cd271199480bd2ba8f9c8875eafc9d363a2f18c2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6201070b99192dd63425d19b76469f81
SHA1 4c0ed1ab102a9ac30213c750e56ccaf4063f333b
SHA256 615251d2f6aa69307817f7cc3b7f75498abef4a261fbe5e560af7f333ad4ed07
SHA512 adffb424eba8f5b7b93207969195d610388e7bcce46de05019e08eda66107d35ddfaa3ecb7151294095ef2aa2e881e9895917afc2396876809210756b9dd4df0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 55284f5d732d0c7bd4ce9a95686c7e17
SHA1 0ce10a7c8470b08be743139e0a3e60e494082cca
SHA256 b6d6e12a6a2e457b3c94edbeef2e9fd6e3499736b99401254056a26db98e2dd1
SHA512 7c14c1724b6b72305e32c8c481f7aa3332a8154832b09932ec35a006b112057b43785bcd8c54f7c5d8e86b6f8ba5152aa6028adcde49322e9e9fef34884ebd13