Analysis Overview
Threat Level: Shows suspicious behavior
The file http://haxball.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Looks up external IP address via web service
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Reads CPU attributes
Checks CPU configuration
Changes its process name
Reads runtime system information
Writes file to tmp directory
Browser Information Discovery
Enumerates kernel/hardware configuration
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-31 14:30
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-31 14:30
Reported
2024-08-31 14:35
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
300s
Max time network
303s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/virtio0/drm/renderD128 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1689/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/151 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/34 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/127 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1847/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1856/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/fd/90 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/12 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/161 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1694/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1780/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/149 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-goa-volume-monitor | N/A |
| File opened for reading | /proc/1402/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/133 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/32 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/131 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/108 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/103 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1607/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/84 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/155 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/1597/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/fd/94 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1582/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1868/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1410/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://haxball.com]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://haxball.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://haxball.com]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {aa628b73-243f-4aa2-833f-cd5e9fa4f321} 1531 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20271 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cddfd6c2-4069-4b2b-9d1d-ff2a69422575} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26979 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {6aa12431-923a-4117-8f4a-05257d557956} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25456 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {dbc34c36-8f2e-4360-a100-5a8bd59d7735} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25597 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cd87feeb-bd27-4749-a598-28427b05dc13} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27888 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {277b3af3-ea11-49a5-9d85-b22a99616e30} 1531 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 27923 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {1f3b0d01-0d0a-41a3-9e23-cc4d0c86a4f3} 1531 true rdd]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25923 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {5feba030-6d68-48e5-907e-f280fda3feb0} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25923 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {15857568-0909-45c9-8a8f-f37ed831c229} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25923 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {2f035197-4ea1-4185-858a-d445548f7737} 1531 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 31701 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {adb65f29-a74c-4526-a652-048a7979ba33} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 29086 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c3a9cc1e-28a0-4952-8b8e-a8c322ee09ca} 1531 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 29086 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {e06d95fc-beba-44f2-9237-9d4c514efcbe} 1531 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | haxball.com | udp |
| US | 1.1.1.1:53 | haxball.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 104.21.32.203:80 | haxball.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | www.haxball.com | udp |
| US | 1.1.1.1:53 | www.haxball.com | udp |
| US | 104.21.32.203:80 | www.haxball.com | tcp |
| US | 1.1.1.1:53 | www.haxball.com | udp |
| US | 172.67.187.117:443 | www.haxball.com | tcp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 172.67.187.117:443 | www.haxball.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | static.doubleclick.net | udp |
| US | 1.1.1.1:53 | static.doubleclick.net | udp |
| GB | 142.250.187.198:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.198:443 | static.doubleclick.net | udp |
| US | 1.1.1.1:53 | jnn-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 1.1.1.1:53 | yt3.ggpht.com | udp |
| US | 1.1.1.1:53 | yt3.ggpht.com | udp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.225:443 | yt3.ggpht.com | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | play.google.com | tcp |
| GB | 216.58.204.78:443 | play.google.com | tcp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 172.67.187.117:443 | www.haxball.com | tcp |
| US | 1.1.1.1:53 | www.haxball.com | udp |
| US | 1.1.1.1:53 | server.cpmstar.com | udp |
| US | 1.1.1.1:53 | server.cpmstar.com | udp |
| US | 131.153.171.235:443 | server.cpmstar.com | tcp |
| US | 1.1.1.1:53 | ssl.cdne.cpmstar.com | udp |
| US | 1.1.1.1:53 | ssl.cdne.cpmstar.com | udp |
| US | 1.1.1.1:53 | cs2154.wpc.alphacdn.net | udp |
| US | 152.199.21.117:443 | ssl.cdne.cpmstar.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | stun.l.google.com | udp |
| US | 1.1.1.1:53 | p2p.haxball.com | udp |
| US | 1.1.1.1:53 | p2p.haxball.com | udp |
| US | 1.1.1.1:53 | p2p.haxball.com | udp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 172.67.187.117:443 | p2p.haxball.com | tcp |
| BA | 62.113.18.121:60167 | udp | |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 1.1.1.1:53 | p2p.haxball.com | udp |
| US | 172.67.187.117:443 | p2p.haxball.com | tcp |
| US | 172.67.187.117:443 | p2p.haxball.com | tcp |
| BA | 62.113.18.121:60582 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 1.1.1.1:53 | whatismyipaddress.com | udp |
| US | 1.1.1.1:53 | whatismyipaddress.com | udp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.223.79:80 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:443 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:443 | whatismyipaddress.com | udp |
| US | 1.1.1.1:53 | ds6.whatismyipaddress.com | udp |
| US | 1.1.1.1:53 | ds6.whatismyipaddress.com | udp |
| US | 1.1.1.1:53 | app.fusebox.fm | udp |
| US | 1.1.1.1:53 | a.omappapi.com | udp |
| US | 1.1.1.1:53 | a.omappapi.com | udp |
| US | 1.1.1.1:53 | app.fusebox.fm | udp |
| GB | 143.244.38.136:443 | a.omappapi.com | tcp |
| US | 1.1.1.1:53 | cmp.inmobi.com | udp |
| US | 1.1.1.1:53 | cmp.inmobi.com | udp |
| US | 1.1.1.1:53 | a.pub.network | udp |
| US | 1.1.1.1:53 | a.pub.network | udp |
| US | 104.18.21.206:443 | a.pub.network | tcp |
| US | 104.18.21.206:443 | a.pub.network | udp |
| US | 1.1.1.1:53 | maps.whatismyipaddress.info | udp |
| US | 1.1.1.1:53 | maps.whatismyipaddress.info | udp |
| US | 1.1.1.1:53 | d.pub.network | udp |
| US | 1.1.1.1:53 | d.pub.network | udp |
| US | 104.26.13.133:443 | app.fusebox.fm | tcp |
| US | 104.26.13.133:443 | app.fusebox.fm | udp |
| US | 1.1.1.1:53 | api.omappapi.com | udp |
| US | 1.1.1.1:53 | api.omappapi.com | udp |
| US | 172.66.42.248:443 | api.omappapi.com | tcp |
| US | 104.26.13.133:443 | app.fusebox.fm | udp |
| US | 104.26.13.133:443 | app.fusebox.fm | tcp |
| US | 1.1.1.1:53 | onesignal.com | udp |
| US | 1.1.1.1:53 | onesignal.com | udp |
| US | 104.26.13.133:443 | app.fusebox.fm | tcp |
| US | 104.16.160.145:443 | onesignal.com | tcp |
| US | 104.16.160.145:443 | onesignal.com | udp |
| US | 1.1.1.1:53 | static.libsyn.com | udp |
| US | 1.1.1.1:53 | static.libsyn.com | udp |
| GB | 18.165.242.34:443 | static.libsyn.com | tcp |
| US | 1.1.1.1:53 | region1.analytics.google.com | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | region1.analytics.google.com | udp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| US | 1.1.1.1:53 | www.google.co.uk | udp |
| BE | 142.250.110.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.187.195:443 | www.google.co.uk | tcp |
| US | 1.1.1.1:53 | cmp-prod.inmobi-choice.io | udp |
| GB | 18.244.114.32:443 | cmp.inmobi.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.187.195:443 | www.google.co.uk | udp |
| BE | 142.250.110.157:443 | stats.g.doubleclick.net | udp |
| US | 104.26.5.215:443 | maps.whatismyipaddress.info | tcp |
| US | 104.26.5.215:443 | maps.whatismyipaddress.info | tcp |
| US | 104.26.5.215:443 | maps.whatismyipaddress.info | tcp |
| US | 104.26.5.215:443 | maps.whatismyipaddress.info | tcp |
| US | 1.1.1.1:53 | cdn.whatismyipaddress.com | udp |
| US | 1.1.1.1:53 | cdn.whatismyipaddress.com | udp |
| US | 104.19.222.79:443 | cdn.whatismyipaddress.com | tcp |
| US | 1.1.1.1:53 | api.cmp.inmobi.com | udp |
| US | 1.1.1.1:53 | d.pub.network | udp |
| US | 1.1.1.1:53 | choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com | udp |
| US | 34.160.152.31:443 | d.pub.network | tcp |
| US | 104.19.222.79:443 | cdn.whatismyipaddress.com | udp |
| DE | 3.124.222.217:443 | api.cmp.inmobi.com | tcp |
| US | 34.160.152.31:443 | d.pub.network | udp |
| US | 1.1.1.1:53 | sb.scorecardresearch.com | udp |
| US | 1.1.1.1:53 | sb.scorecardresearch.com | udp |
| US | 1.1.1.1:53 | optimise.net | udp |
| US | 1.1.1.1:53 | optimise.net | udp |
| GB | 18.165.242.4:443 | sb.scorecardresearch.com | tcp |
| US | 34.111.152.239:443 | optimise.net | tcp |
| US | 34.111.152.239:443 | optimise.net | tcp |
| US | 34.111.152.239:443 | optimise.net | udp |
| US | 1.1.1.1:53 | securepubads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | cdn.confiant-integrations.net | udp |
| US | 1.1.1.1:53 | cdn.confiant-integrations.net | udp |
| US | 1.1.1.1:53 | freestar-io.videoplayerhub.com | udp |
| US | 172.64.144.166:443 | cdn.confiant-integrations.net | tcp |
| US | 1.1.1.1:53 | freestar-io.videoplayerhub.com | udp |
| US | 172.67.74.207:443 | freestar-io.videoplayerhub.com | tcp |
| US | 172.64.144.166:443 | cdn.confiant-integrations.net | udp |
| US | 1.1.1.1:53 | btloader.com | udp |
| US | 1.1.1.1:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 1.1.1.1:53 | securepubads.g.doubleclick.net | udp |
Files
/root/.cache/dconf/user
| MD5 | c4103f122d27677c9db144cae1394a66 |
| SHA1 | 1489f923c4dca729178b3e3233458550d8dddf29 |
| SHA256 | 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 |
| SHA512 | 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54 |
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-31 14:30
Reported
2024-08-31 14:35
Platform
ubuntu2204-amd64-20240522.1-en
Max time kernel
141s
Max time network
301s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/module/apparmor/parameters/enabled | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/1559/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1575/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/1554/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/1559/attr/apparmor/current | /usr/bin/dbus-daemon | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://haxball.com]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://haxball.com]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 1.1.1.1:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 91.189.91.42:443 | canonical-bos01.cdn.snapcraftcontent.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.59:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| GB | 185.125.190.26:443 | canonical-lgw01.cdn.snapcraftcontent.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 1.1.1.1:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.55:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| GB | 185.125.190.27:443 | canonical-lgw01.cdn.snapcraftcontent.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.54:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | canonical-lgw01.cdn.snapcraftcontent.com | udp |
| GB | 185.125.190.28:443 | canonical-lgw01.cdn.snapcraftcontent.com | tcp |
| US | 8.8.8.8:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 8.8.8.8:53 | canonical-bos01.cdn.snapcraftcontent.com | udp |
| US | 91.189.91.43:443 | canonical-bos01.cdn.snapcraftcontent.com | tcp |
| US | 91.189.91.43:443 | canonical-bos01.cdn.snapcraftcontent.com | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| US | 8.8.8.8:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
Files
/root/.dbus/session-bus/f2de92a803c744e586bd87567a26b68a-0
| MD5 | 9581d30e60718b15782e781b683791bb |
| SHA1 | 31809168b531b7e055d6aa1e3911b359af642391 |
| SHA256 | e8a29907a7f89d84f23ce27d1e6116f913eb5351ce0b9b5f4117c73bea706332 |
| SHA512 | 177b8e15b6c4e4dedf7c34254d0bee493cb67a2de1bd29c416d921191b8542764a7e7fdf98dc5a663eb980aa8f67b7fd5406fc7f071f61161ee81d46ed259a3c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-31 14:30
Reported
2024-08-31 14:35
Platform
win11-20240802-en
Max time kernel
297s
Max time network
301s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{A8E4A36E-4C01-4752-8EBB-06CA644EC962} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://haxball.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa16b83cb8,0x7ffa16b83cc8,0x7ffa16b83cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5032 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C0
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13021823776503332035,6475845986139525536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | haxball.com | udp |
| US | 172.67.187.117:80 | p2p.haxball.com | tcp |
| US | 172.67.187.117:80 | p2p.haxball.com | tcp |
| US | 172.67.187.117:80 | p2p.haxball.com | tcp |
| US | 172.67.187.117:443 | p2p.haxball.com | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.178.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 131.153.170.213:443 | server.cpmstar.com | tcp |
| US | 8.8.8.8:53 | 213.170.153.131.in-addr.arpa | udp |
| US | 152.199.21.117:443 | ssl.cdne.cpmstar.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 131.153.170.213:443 | server.cpmstar.com | tcp |
| US | 131.153.170.213:443 | server.cpmstar.com | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 104.21.32.203:443 | p2p.haxball.com | tcp |
| US | 131.153.170.213:443 | server.cpmstar.com | tcp |
| US | 131.153.170.213:443 | server.cpmstar.com | tcp |
| US | 131.153.170.213:443 | server.cpmstar.com | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 104.21.32.203:443 | p2p.haxball.com | tcp |
| BA | 62.113.18.121:63136 | udp | |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| US | 104.21.32.203:443 | p2p.haxball.com | tcp |
| BA | 62.113.18.121:64741 | udp | |
| GB | 88.221.135.1:443 | www.bing.com | tcp |
| GB | 88.221.135.1:443 | www.bing.com | tcp |
| GB | 88.221.135.1:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.143.182:443 | th.bing.com | tcp |
| GB | 95.101.143.193:443 | th.bing.com | tcp |
| GB | 95.101.143.193:443 | th.bing.com | tcp |
| GB | 95.101.143.182:443 | th.bing.com | tcp |
| US | 188.114.97.0:443 | www.pyproxy.com | tcp |
| US | 188.114.97.0:443 | www.pyproxy.com | tcp |
| US | 188.114.97.0:443 | www.pyproxy.com | tcp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 104.21.6.185:443 | papi.pyproxy.com | tcp |
| US | 104.21.6.185:443 | papi.pyproxy.com | tcp |
| US | 104.21.6.185:443 | papi.pyproxy.com | tcp |
| US | 104.21.6.185:443 | papi.pyproxy.com | tcp |
| US | 104.21.6.185:443 | papi.pyproxy.com | tcp |
| US | 104.21.6.185:443 | papi.pyproxy.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 104.19.222.79:443 | whatismyipaddress.com | tcp |
| US | 104.19.222.79:443 | whatismyipaddress.com | tcp |
| US | 8.8.8.8:53 | a.pub.network | udp |
| US | 104.26.13.133:443 | app.fusebox.fm | tcp |
| GB | 79.127.237.132:443 | a.omappapi.com | tcp |
| DE | 3.160.150.117:443 | cmp.inmobi.com | tcp |
| US | 104.18.20.206:443 | a.pub.network | tcp |
| US | 104.26.5.215:443 | maps.whatismyipaddress.info | tcp |
| US | 8.8.8.8:53 | optimise.net | udp |
| US | 104.26.5.215:443 | maps.whatismyipaddress.info | tcp |
| US | 8.8.8.8:53 | d.pub.network | udp |
| US | 34.160.128.112:443 | api.floors.dev | tcp |
| US | 34.111.152.239:443 | optimise.net | tcp |
| US | 34.160.152.31:443 | d.pub.network | tcp |
| US | 104.26.13.133:443 | app.fusebox.fm | tcp |
| US | 172.66.42.248:443 | api.omappapi.com | tcp |
| US | 8.8.8.8:53 | 223.111.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.150.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.5.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.128.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.152.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.152.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.42.66.172.in-addr.arpa | udp |
| DE | 18.245.60.24:443 | static.libsyn.com | tcp |
| DE | 3.124.222.217:443 | api.cmp.inmobi.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 173.194.76.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 173.194.76.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 34.111.152.239:443 | optimise.net | tcp |
| DE | 18.244.18.27:443 | sb.scorecardresearch.com | tcp |
| US | 34.111.152.239:443 | optimise.net | udp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | tcp |
| US | 172.67.74.207:443 | freestar-io.videoplayerhub.com | tcp |
| GB | 216.58.212.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| GB | 216.58.212.194:443 | securepubads.g.doubleclick.net | udp |
| US | 34.160.152.31:443 | c.pub.network | tcp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| US | 8.8.8.8:53 | live.primis.tech | udp |
| US | 52.43.253.87:443 | pb-rtd.ccgateway.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| DE | 162.19.138.83:443 | id5-sync.com | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 104.22.5.69:443 | p.ad.gt | tcp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 54.184.54.14:443 | pb-rtd.ccgateway.net | tcp |
| DE | 13.32.99.81:443 | live.primis.tech | tcp |
| US | 104.22.5.69:443 | p.ad.gt | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 52.43.253.87:443 | pb-rtd.ccgateway.net | tcp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 95.100.245.39:443 | a.teads.tv | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 54.184.54.14:443 | pb-rtd.ccgateway.net | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| DE | 52.222.236.48:443 | hb.yellowblue.io | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 52.222.236.48:443 | hb.yellowblue.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 18.66.147.28:80 | crt.rootg2.amazontrust.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.186.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.253.43.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.99.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.54.184.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.140.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.168.78.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.236.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| DE | 18.184.119.72:443 | match.sharethrough.com | tcp |
| DE | 18.66.102.121:443 | rules.quantcount.com | tcp |
| US | 104.22.5.69:443 | p.ad.gt | tcp |
| DE | 18.245.31.92:443 | config.aps.amazon-adsystem.com | tcp |
| DE | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| DE | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.179.225:443 | 65eb1230bce850097580fb30dd017f9e.safeframe.googlesyndication.com | tcp |
| GB | 23.49.161.153:443 | secure.cdn.fastclick.net | tcp |
| DE | 65.9.66.97:443 | tags.crwdcntrl.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| US | 34.215.110.219:443 | ids.ad.gt | tcp |
| US | 34.215.110.219:443 | ids.ad.gt | tcp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| NL | 185.89.210.82:443 | secure.adnxs.com | tcp |
| US | 104.22.4.69:443 | p.ad.gt | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| US | 104.22.4.69:443 | p.ad.gt | tcp |
| US | 34.215.110.219:443 | ids.ad.gt | tcp |
| GB | 95.100.244.20:443 | contextual.media.net | tcp |
| GB | 2.20.12.75:443 | acdn.adnxs.com | tcp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 34.215.110.219:443 | ids.ad.gt | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 104.16.186.87:443 | cs.seedtag.com | tcp |
| IE | 52.95.122.74:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 54.171.4.236:443 | bcp.crwdcntrl.net | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| GB | 2.22.101.110:443 | secure-assets.rubiconproject.com | tcp |
| GB | 88.221.134.186:443 | csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| NL | 89.149.192.201:443 | sync.smartadserver.com | tcp |
| NL | 89.149.192.201:443 | sync.smartadserver.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| DE | 138.201.8.249:443 | sync.richaudience.com | tcp |
| DE | 138.201.8.249:443 | sync.richaudience.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| IE | 34.253.18.218:443 | match.prod.bidr.io | tcp |
| NL | 35.214.249.215:443 | csync.loopme.me | tcp |
| DE | 138.201.8.249:443 | sync.richaudience.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| NL | 193.3.178.3:443 | ads.us.e-planning.net | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 35.214.249.215:443 | csync.loopme.me | tcp |
| IE | 34.253.18.218:443 | match.prod.bidr.io | tcp |
| NL | 89.149.192.201:443 | sync.smartadserver.com | tcp |
| NL | 193.3.178.3:443 | ads.us.e-planning.net | tcp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 50.31.142.127:443 | b1sync.zemanta.com | tcp |
| IE | 63.35.89.195:443 | ad.360yield.com | tcp |
| DK | 37.157.6.237:443 | cm.adform.net | tcp |
| IE | 63.32.32.33:443 | ap.lijit.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.66.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.110.215.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.186.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.122.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.4.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.147.66.18.in-addr.arpa | udp |
| US | 50.31.142.127:443 | b1sync.zemanta.com | tcp |
| IE | 63.35.89.195:443 | ad.360yield.com | tcp |
| DK | 37.157.6.237:443 | cm.adform.net | tcp |
| IE | 63.32.32.33:443 | ap.lijit.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| IE | 54.217.175.130:443 | ads.yieldmo.com | tcp |
| GB | 88.221.134.19:443 | cdn.doubleverify.com | tcp |
| IE | 52.214.83.88:443 | tracker.yougov.com | tcp |
| IE | 54.171.188.18:443 | pixel.adsafeprotected.com | tcp |
| DE | 18.66.102.32:443 | cdn.browsiprod.com | tcp |
| IE | 54.77.218.202:443 | aam.a47b.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 34.107.140.113:443 | s2s.t13.io | udp |
| GB | 88.221.134.19:443 | cdn.doubleverify.com | tcp |
| IE | 54.171.188.18:443 | pixel.adsafeprotected.com | tcp |
| IE | 54.77.218.202:443 | aam.a47b.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| GB | 88.221.134.19:443 | cdn.doubleverify.com | tcp |
| IE | 52.214.83.88:443 | tracker.yougov.com | tcp |
| DE | 65.9.66.14:443 | yield-manager.browsiprod.com | tcp |
| US | 54.244.255.127:443 | events.browsiprod.com | tcp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 218.18.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.89.35.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.32.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.175.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.83.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.188.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.218.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.102.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| NL | 69.173.156.130:443 | beacon-ams3.rubiconproject.com | tcp |
| IE | 108.128.174.19:443 | protected-by.clarium.io | tcp |
| NL | 89.149.192.201:443 | sync.smartadserver.com | tcp |
| US | 54.244.255.127:443 | events.browsiprod.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| DE | 18.66.102.32:443 | cdn.browsiprod.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| DE | 18.66.112.74:443 | ai.browsiprod.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| GB | 52.84.90.35:443 | static.adsafeprotected.com | tcp |
| DE | 13.225.78.123:443 | cdn.pathtosuccess.global | tcp |
| US | 3.220.24.218:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 185.172.149.104:443 | ajs.a47b.com | tcp |
| DE | 13.225.78.123:443 | cdn.pathtosuccess.global | tcp |
| NL | 185.172.149.104:443 | ajs.a47b.com | tcp |
| NL | 35.214.249.215:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | sync.kueezrtb.com | udp |
| US | 8.8.8.8:53 | 14.66.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.8.201.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.255.244.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.174.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.44.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.112.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.78.225.13.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | pubads.g.doubleclick.net | tcp |
| US | 159.223.96.127:443 | sync.kueezrtb.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 3.215.58.153:443 | mb9eo.publishers.tremorhub.com | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| FR | 91.134.110.132:443 | ssbsync.smartadserver.com | tcp |
| FR | 91.134.110.132:443 | ssbsync.smartadserver.com | tcp |
| NL | 35.214.249.215:443 | csync.loopme.me | tcp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| US | 3.215.58.153:443 | mb9eo.publishers.tremorhub.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| FR | 91.134.110.132:443 | ssbsync.smartadserver.com | tcp |
| US | 159.223.96.127:443 | sync.kueezrtb.com | tcp |
| GB | 172.217.16.226:443 | pubads.g.doubleclick.net | udp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| US | 35.71.170.66:443 | direct.adsrvr.org | tcp |
| US | 18.210.65.35:443 | dt.adsafeprotected.com | tcp |
| US | 18.210.65.35:443 | dt.adsafeprotected.com | tcp |
| US | 18.210.65.35:443 | dt.adsafeprotected.com | tcp |
| US | 18.210.65.35:443 | dt.adsafeprotected.com | tcp |
| US | 18.210.65.35:443 | dt.adsafeprotected.com | tcp |
| US | 18.210.65.35:443 | dt.adsafeprotected.com | tcp |
| GB | 88.221.134.186:443 | csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 66.170.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.65.210.18.in-addr.arpa | udp |
| GB | 88.221.134.225:443 | ced-ns.sascdn.com | tcp |
| DE | 18.245.46.117:443 | eu-west-1-cs-rtb.openwebmp.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| DE | 18.245.46.117:443 | eu-west-1-cs-rtb.openwebmp.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| GB | 2.20.12.70:443 | player.aniview.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| US | 50.31.142.127:443 | b1sync.zemanta.com | tcp |
| US | 34.237.74.196:443 | api-2-0.spot.im | tcp |
| US | 172.111.38.111:443 | tracker.open-adsyield.com | tcp |
| IE | 54.171.130.238:443 | jadserve.postrelease.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 54.172.114.232:443 | sync.srv.stackadapt.com | tcp |
| US | 34.237.74.196:443 | api-2-0.spot.im | tcp |
| US | 54.172.114.232:443 | sync.srv.stackadapt.com | tcp |
| US | 172.111.38.111:443 | tracker.open-adsyield.com | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| DK | 37.157.4.29:443 | c1.adform.net | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | 70.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.130.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 232.114.172.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | usermatch.krxd.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 104.16.160.145:443 | img.onesignal.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.160.128.112:443 | api.floors.dev | tcp |
| US | 34.160.128.112:443 | api.floors.dev | tcp |
| US | 34.160.128.112:443 | api.floors.dev | udp |
| US | 34.111.152.239:443 | optimise.net | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 34.111.152.239:443 | optimise.net | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 54.184.54.14:443 | pb-rtd.ccgateway.net | tcp |
| GB | 2.18.109.60:443 | widgets.outbrain.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| GB | 95.100.245.166:443 | tcheck.outbrainimg.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| US | 151.101.130.132:443 | mv.outbrain.com | tcp |
| US | 50.31.142.63:443 | log.outbrainimg.com | tcp |
| US | 130.211.44.5:443 | rtb0.doubleverify.com | tcp |
| US | 50.31.142.63:443 | log.outbrainimg.com | tcp |
| US | 50.31.142.95:443 | mcdp-chidc2.outbrain.com | tcp |
| GB | 95.100.245.166:443 | tcheck.outbrainimg.com | tcp |
| US | 50.31.142.31:443 | sync.outbrain.com | tcp |
| US | 50.31.142.63:443 | log.outbrainimg.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| GB | 173.194.76.155:443 | stats.g.doubleclick.net | udp |
| US | 54.244.255.127:443 | events.browsiprod.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 228fefc98d7fb5b4e27c6abab1de7207 |
| SHA1 | ada493791316e154a906ec2c83c412adf3a7061a |
| SHA256 | 448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2 |
| SHA512 | fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 026e0c65239e15ba609a874aeac2dc33 |
| SHA1 | a75e1622bc647ab73ab3bb2809872c2730dcf2df |
| SHA256 | 593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292 |
| SHA512 | 9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569 |
\??\pipe\LOCAL\crashpad_4736_USOPKPZOBCIDFKKV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5727110c5b0b000c892c08284a77d9de |
| SHA1 | 6134b8acebba724b1296ab788d4a9740872b9fe7 |
| SHA256 | 31acbd2a154cb97509a1e7b525bc618c23b7d8bc364d99fc0b86e20de1e4349d |
| SHA512 | 31e21361dc2dbb5678722d5ad2703534fdb3135d74235f12fa3dacb8dc367f832a80614379de002e221c646fdb62f205ac91f7268896b0c1e08576bbce8dcde5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 652fe6581195b310b7838164403cf9a6 |
| SHA1 | 49912ec4a753fd8384de4073bb8533c440d5f131 |
| SHA256 | 719b18db35888f9b0b24dc5dff3736325e3229dee3b521c4e3cb914a11b63c18 |
| SHA512 | 88cb1f9ccbe98f1430ab3f8cd52aec4d5d50c24f102235151f14e0fceaae100a747c1852bb8b8e7cb17ccbca2fde6d492c85f9f9898ef4aa3b1bc7893457542d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a651e84eea3015a2b77da532eae6602 |
| SHA1 | 2f11656a2a0c651a085f55692453828850208975 |
| SHA256 | a65ccc138a488ac8f6953a0090da24f95fce432e46f6d18c20132f9926e7c728 |
| SHA512 | 04895b4a2cee0acb96606bc23c17e9b904c505bd0b11cda227d82b524c855b3dd2c02e6bd2817e7bb53a2deda0cea36228230e0117575cd749c55710f26c63a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8208a39de76c65339b7bcaecbee6130d |
| SHA1 | 1d0071ce2fd4e1589de9f1e5d217fe00ab7b2937 |
| SHA256 | ed31053801ffa7c280681f12186ad4fb47d950a1e8ef2e5cbc2d24627818e9f9 |
| SHA512 | 2a0150fa90fd5a6d93f668c3f6ac24c07340a8554df8db9f14d6991e185c6f170dc3faddb807346f9fee32cdcf25584a5bb609028d812a990674496d190db849 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | bb37c11fdbc0465fe82618b8c25f513c |
| SHA1 | 55194601861bebb24419499a86956b0ca371e59d |
| SHA256 | 5e0ee43b3e4b3491b311ebec57eb8241568f6cf17be529e4d8947176c2bb5e6f |
| SHA512 | caf0a84c14837d85b52c8d743312c2b421a4121b9d5305e51ba3428ebf28ba8ea73ab9badb8dc9555d8f9b8f8ecbc72ec070e64d33c41602a0e56df39d8e6444 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 802ae7e2cb0164a8cc30d3541d644864 |
| SHA1 | 0558cc140800e0d434a3129307e24f3174d6adca |
| SHA256 | d9e22cabba219278072c644457eca1d33c26f690a493bb84cbdd127462960632 |
| SHA512 | 6e208718652536d38edd2d8372a2fa215a26d95eaee9c81e85e92003e14324b9ba9bcb6f0a812d8c66f5fc7341fc4b5daf32a7a8fc6068f4a6558dcd3c25bf66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a8c5ff5cbd172fb0fc6bcdea472ba47d |
| SHA1 | d84894a7f486cf62ec40e3ebb324f08e5664be75 |
| SHA256 | b3b9d66887b006f94ddcf9d644406c5e1f409924707b557ae1b885ab6ee28d2b |
| SHA512 | 809c3d55e51ebb1fd89ce8ae2ec00f546e81a1be9ca80e7d48700dc902a6cd9bcf95bdd810c5a4c0fbe7b19e9dde928aba55b1ccc38d03260e24a17b8e61240b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d0d8bf8592fc0eddc13d36164a7b0b88 |
| SHA1 | a192eb263ae1e3ef56c6618c1eecfa21bff6c60f |
| SHA256 | bdb47fcc37fedd9f0ddb5a7a2775ee754473321e21306536bac8da2aae116351 |
| SHA512 | 91e5cff8dc6f887d3ebd4510fe48edef2364c0461b67ebbaaf6c8c08ff23d3239ce8e8c62a1a6be4227ad2e05943ffc7dbf5706f3d7e44b6b93f7f7b25cb655b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cb4b44401402646e051ccb3476d36bdd |
| SHA1 | 473946bb592dc933b38457b143aa1476f2eac39a |
| SHA256 | 6d41f49fadb5e24e72257479f894d2ff8e786345d9eb0cb52f8e124639550be1 |
| SHA512 | 0d90f66d9c43bd599187d7cef1330f124cf58d0207c0e1f24a439305f7fd1ed85220381db1677c3dc29242e2f13187806c56b816db53410fbcd9b8c2e68c1aea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eef20ad49e1b7187bae0ac8b086bae0c |
| SHA1 | bdec758fcc123e5d8888284a40f37f3b23f054f0 |
| SHA256 | 0c1e96bb71b52ed3f8030b0ec8b8b79be1ecf576fb624d8344543cc148d6a6e4 |
| SHA512 | 142bf04db517d9c5a7a80107b69e8e2d26b951997962f603d7c9279ee505f0307d09a436dce18806292b828f64709cdab66ef5befc5e811c31af24cc61f730c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e9ca.TMP
| MD5 | 61a71336b6581fea83ef8c7c729af3bb |
| SHA1 | ba2dda7832610933b0ac8513e62375800544cab6 |
| SHA256 | 72f287a344f15659c3e738e7785d9fc93bcd585777c94adfb69f4425600e3ee2 |
| SHA512 | ac46d5fadb9cbf27e5da74bdb53fea42d5baf7e92cf8796ba6c1c2d926357fac386e1fd175aab48aeba011cee6a0f1bde50e5b0e40772fb3f8176455af9052ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3955a226b79459d794cde96297780bf0 |
| SHA1 | c7b7c74137531b58414bdfd54b2b4ec6e7f70597 |
| SHA256 | d5a2c251eba80a998efd9ac0c3b6c147c040b244ca4dd2aa51c6e5b941818832 |
| SHA512 | 56dd3472ce6c859376d2be04e016f338ec6a180e7b4417f9bef78ecc68405586ae555cf6b784e2732a0dde8182bf3f98b3a7d816dcd5bb315f75f10290f4380a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a264cd3c270ac91c64f06eec415bceb |
| SHA1 | 98bf607a2e5d99e262edf69aa787b5bf7fea7bc0 |
| SHA256 | 1493fa2944d21d0bf452a03c576dd38068ae1ac6f99c295aecab374ddbe04000 |
| SHA512 | 9b163db1cc7e477af455e8b6a5d4bf2b0385f2c4ea25f22af7501ca426926c3f5de6291703de73565c5ac9f0904a6dfb740ce2d98faad41aed485862ee506f88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | a2b03561cabc0d346e9a6be3f5b11b5e |
| SHA1 | ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b |
| SHA256 | 09588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1 |
| SHA512 | 3602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ace7e10dc5d5741b7b71fa5630f0b68a |
| SHA1 | d8963ab7e86221d21181fdcbd7982c50582d05cc |
| SHA256 | cac43bdc654639d88eeb2d5e9a4aa2c8ff3f5c8450202ed8584623b8fcfa2cc7 |
| SHA512 | c8e66fa225b534ade98cdd4bccee297d3ade36761c90847e48972ee19bb02f6f1de925cb34a6b57ae7b5652c21a7e2c9086bff39f9eeb6ce3d187ecd820234ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 956c46ebcb36cb8407b6b0b7e883fcc0 |
| SHA1 | 5b591f3ac4b8b35d7be9a1e2ab9577b9f57f1053 |
| SHA256 | ac1e3068940533b537027659402a0abc601fe1bc5ca36cee057a06d90f2de76e |
| SHA512 | c72c4ff39d789414fdd9dee3a63d10cac219a0b06abaf5b4b404036bcdef60acfd6473b00f3a7857e5a817caf50aff4a8cc3a83f609e35d9710cb02288465405 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 99b2f716285f104031d6eb4a4fc2d4be |
| SHA1 | 17ac45a5485c81f4d78d2e8f0ed3909e40743abe |
| SHA256 | 04551e97506c17becdd1b33a0923c6574244c907c4527681cea2aa6a1d97c47a |
| SHA512 | 18bf453f2727b4680ddb726e4c72ba3b1687b40f25d5a074588c872c7db8360993ada275f6808cbeffee2115958c8e8c75ca99acfe70f4a194aa219a67a5bd99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e4dc4406497794c18afd1725cb31ebd3 |
| SHA1 | 3e8e148b4ddcc36100437cf097201cdab90c293e |
| SHA256 | bca8dfd7f8c1e489673fc4490e0333462d76b5394072604de75587d75dd50eef |
| SHA512 | 4b7e44692472befc9f55055d3bf88386058b0374d2b81023a57b88caf99acd0aeeffd3655e2154c72334cf18df226bc8445155b9bef1af54247e7ebea9b6b81a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069
| MD5 | e81f849d22f556e1c55cbe982083221c |
| SHA1 | 5855dc7b3f8d5fc5de7ec52e32b3f910935573bb |
| SHA256 | 097b460749be89ca000ac3e9969d9876a3121f1a7356de857427c62634c8e5c4 |
| SHA512 | 3af35f7ded0591afa5dee60f5aa9cfd63b8878c274a8d95b1ee650b387b4216e3a91c2da8374b5db2cd7c357f30971d74a994f24f720bd37a194b917e2723312 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b
| MD5 | dda00247b36a9df775cb31aa96e96e53 |
| SHA1 | 36721b000add52f63c79d0c7fa4dec52e9fe8d3f |
| SHA256 | ba3097e039df81936d53218f598269278e54e63df9ab308bda2b4dbbf5cda1b5 |
| SHA512 | 0c598f73153722a18f8720d7473d03bd958d7bdd0316a4c7fe617efaac52690af8ca4d40b33814041a6e9eebfd6ef685b24713e186024af7508c6e3103c6fded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72fc5c497f184cef47447e9910ff476c |
| SHA1 | 13a7e35da0ed90d697f864c3f4caf370899a5a41 |
| SHA256 | 3701e82529677b60272a2f59cb5df82de1b508eb579eecfc566cf4056e9d72fc |
| SHA512 | 5b8641de3e4fcb5e0dd4d4c3bb3aa0f731d224252767f97d692aedd050ca2cf20be681e453daf40a0a77bf2f40c6c859232070e75975aa2baa194ad2724535ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 34cb984d29786586e74fd2432bf0f742 |
| SHA1 | f7918b4dc204bbdf49564e5d6ac0e6ad3afba659 |
| SHA256 | 20694838061b3dde4b099cb4dabafd4f3327a81197ff2b028ece91cb711e6701 |
| SHA512 | 06513c3005518284f21382f94276c7ad3d553ced64908f5107628388ed5020674598d6bbe857897d80a5f5c9390a2abbe12e966af449235542fb8388a804b230 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 9089c5095b3652de802473b664e4dde3 |
| SHA1 | b8d5159dd89ebb0f756f9b830331dba8e5f9b0b7 |
| SHA256 | a108ae19ee95045a05764bb3b9bd89f3ed06a4a89d4f9b16772391bac9f5a80f |
| SHA512 | 13356c4ea217c6d04957a5546e9df75867c3eca02c67a279f5adf14979320f1793bfde35c25123be06957bd1019c330415f7eb9eeef86106eb5b36ea0f2a9d41 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 79dc76c19d68c431ced16379545803fd |
| SHA1 | 0b0ec9c82b23ae5b078a59800289eb2d29a79c48 |
| SHA256 | 297959f4a97e1dc355dd6028f85bafa7a850dd7462d8857cd8f54b24b4db57e4 |
| SHA512 | 28dde3eaf638d8429fb21f229a5873f0d5ca6f5ed601ed69e0fa03f0d41034aa16373cce4d3f7520ee7186a5edc526bee51fd999ecff88b4394b05d187055a31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f1494f995fd36198dc8a76447bd860d2 |
| SHA1 | 175ed880a79bb84ec30f0e9615410b37e25f8981 |
| SHA256 | 2f9ca8cc476704d4a40493cca7916c8a5a8dadd97803d4c956b8fecb3ac31a81 |
| SHA512 | 22d108502c2166febf7baaec8351a5082a07420810bdc52d5ce93db20e44121b967a7656fe2dd30069c4367cd271199480bd2ba8f9c8875eafc9d363a2f18c2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6201070b99192dd63425d19b76469f81 |
| SHA1 | 4c0ed1ab102a9ac30213c750e56ccaf4063f333b |
| SHA256 | 615251d2f6aa69307817f7cc3b7f75498abef4a261fbe5e560af7f333ad4ed07 |
| SHA512 | adffb424eba8f5b7b93207969195d610388e7bcce46de05019e08eda66107d35ddfaa3ecb7151294095ef2aa2e881e9895917afc2396876809210756b9dd4df0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 55284f5d732d0c7bd4ce9a95686c7e17 |
| SHA1 | 0ce10a7c8470b08be743139e0a3e60e494082cca |
| SHA256 | b6d6e12a6a2e457b3c94edbeef2e9fd6e3499736b99401254056a26db98e2dd1 |
| SHA512 | 7c14c1724b6b72305e32c8c481f7aa3332a8154832b09932ec35a006b112057b43785bcd8c54f7c5d8e86b6f8ba5152aa6028adcde49322e9e9fef34884ebd13 |