Analysis Overview
Threat Level: Shows suspicious behavior
The file https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ== was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Reads the content of photos stored on the user's device.
Checks memory information
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported: 2024-06-04 01:50
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-04 01:50
Reported: 2024-06-04 01:53
Platform: android-x86-arm-20240603-en
Max time kernel: 117s
Max time network: 177s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 54.205.214.48:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 1.1.1.1:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 1.1.1.1:53 | cdn.socket.io | udp |
| US | 1.1.1.1:53 | 11cyclesforest.com | udp |
| GB | 143.204.194.23:443 | cdn.socket.io | tcp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| US | 1.1.1.1:53 | www.w3schools.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 192.229.133.221:443 | www.w3schools.com | tcp |
| US | 1.1.1.1:53 | aadcdn.msauth.net | udp |
| US | 1.1.1.1:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | 0beed7937b9be254f91a4590901105df |
| SHA1 | 3394ac248af83f547c02b77dd1aac941f99a5844 |
| SHA256 | e649853c9a4540dc9c57a766e7f5e66848e102549a555bae28ebfae8792a2140 |
| SHA512 | f0d37733d7234a59ce0d6ea1d14d1f5a07b22abfc8200c485d62339ab820f65348a9932f86103741814a031f20337f7e56cbd72d7e521ea805708a41744bf1ca |
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-04 01:50
Reported: 2024-06-04 01:53
Platform: android-x64-20240603-en
Max time kernel: 117s
Max time network: 162s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| US | 52.71.168.89:443 | contactmonkey.com | tcp |
| US | 52.71.168.89:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 1.1.1.1:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | ca8334585fb41d626aaff9601c196ed3 |
| SHA1 | 5f0e68e22fefd660cacfa341caf7e41655f487df |
| SHA256 | 038adbf3116ba04e2561b626519d3c8b99a55acb3a9d3cc9415a2c9df75b15b7 |
| SHA512 | 766bb6d7226208d404e1778c20048ca6f71f3582bb990aa3990162233e3dd57196854485308a3b7684c8a865da6b25c0944dc963af21c53413faf6dea6f06d7f |
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-04 01:50
Reported: 2024-06-04 01:53
Platform: android-x64-arm64-20240603-en
Max time kernel: 131s
Max time network: 164s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.5.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | contactmonkey.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| US | 52.71.168.89:443 | contactmonkey.com | tcp |
| US | 52.71.168.89:443 | contactmonkey.com | tcp |
| US | 1.1.1.1:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 1.1.1.1:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 1.1.1.1:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.187.206:443 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
Files
files/dom-0.html
| Hash | Value |
|---|---|
| MD5 | ca8334585fb41d626aaff9601c196ed3 |
| SHA1 | 5f0e68e22fefd660cacfa341caf7e41655f487df |
| SHA256 | 038adbf3116ba04e2561b626519d3c8b99a55acb3a9d3cc9415a2c9df75b15b7 |
| SHA512 | 766bb6d7226208d404e1778c20048ca6f71f3582bb990aa3990162233e3dd57196854485308a3b7684c8a865da6b25c0944dc963af21c53413faf6dea6f06d7f |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-04 01:50
Reported: 2024-06-04 01:53
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 152s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://contactmonkey.com/api/v1/tracker?cm_session=6cb0d7b4-7514-49ed-a422-137958b36105&cs=d01410f1-e93a-498a-bdf9-aed95ac45c9b&cm_type=link&cm_link=c38d4278-31b3-4240-b05e-868db3a168a7&cm_destination=https://contactmonkey.com/api/v1/tracker?cm_session=78cba606-4216-447f-bc39-16d7e80cd3c0&cs=825ad42b-2c78-40c6-7539-yluh63018564&cm_type=link&cm_link=0da11854-d710-40c4-1845-bcd92bcc7ee9&cm_destination=//computalityit.com/wp-includes/facebook.com-wkipedia.com/6fob0medp65318/SGVsZW4uQmFkZ2VAYWN1LmVkdS5hdQ==
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13043734908464661753,13358203022237799464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | contactmonkey.com | udp |
| US | 3.220.205.231:443 | contactmonkey.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.205.220.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | computalityit.com | udp |
| US | 192.185.142.83:443 | computalityit.com | tcp |
| US | 8.8.8.8:53 | ranvilh.com | udp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 192.185.140.17:443 | ranvilh.com | tcp |
| US | 8.8.8.8:53 | 83.142.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.140.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | bristol-spray-tan.co.uk | udp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| GB | 146.70.23.90:443 | bristol-spray-tan.co.uk | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.23.70.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.socket.io | udp |
| US | 8.8.8.8:53 | 11cyclesforest.com | udp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| GB | 143.204.194.23:443 | cdn.socket.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 3.145.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.194.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.w3schools.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 192.229.133.221:443 | www.w3schools.com | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.133.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| US | 172.67.145.3:443 | 11cyclesforest.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| Hash | Value |
|---|---|
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_3168_XIJUOFUAMENYHRPU
| Hash | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| Hash | Value |
|---|---|
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| Hash | Value |
|---|---|
| MD5 | e81da7e2a76f27ce56556f0a0929443a |
| SHA1 | 81bda18dc0f1871fc077db7e06c47f419a8eb5dd |
| SHA256 | e5fab7d6880345c068bfdeb2cc29466b51f2b5a076e84098561dd74e60148086 |
| SHA512 | a24720735ec387d0ad83bd640ce518dd0deda0eb79d5caf6812ccf2390bc76bfb292598c7ba3e1a041ec98dfce78b3713af7f4e831271c4ea0f585aaa2465f13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| Hash | Value |
|---|---|
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| Hash | Value |
|---|---|
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| Hash | Value |
|---|---|
| MD5 | c31a4c21c924fbf4c0e9d72dc28bac44 |
| SHA1 | ab23dbc48b48ca7687ee2c2898990b030e022d7b |
| SHA256 | 0e1e9ef9d3113b41f6c6cb3a2542bed84473bfa0865874c71d15e99d1a2d4a22 |
| SHA512 | 050274f8704d517fc60ee8af34400609d4b1f698cba1e6d5066520095df481f1a7338f74b0b592d7c8cd8f38ea9405e0fa34b94cc3ac88526f23148c43dcbd50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| Hash | Value |
|---|---|
| MD5 | df27e09cf56028b454d61438b4286b48 |
| SHA1 | cd624617bd8b4dbebfec88e8bc3046b13ac7fbe3 |
| SHA256 | de736c8ef9a44629f363c000da383da4faacfcbbedaaeefe5eed9800dc5db3c9 |
| SHA512 | 972d3a4ac07c403948982ed38e61c4a3a46acb9f03af07a8bb925bf8ee397b1992951af9cdb5ae32a3548e572f463ae9c9232dd185efaebf897781158d201166 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| Hash | Value |
|---|---|
| MD5 | 60cf6cd5d243cad8c7ec3341860d5023 |
| SHA1 | ea9baf05860786d89f5b9fdf1f4d30f5fd6235e3 |
| SHA256 | 7e5091d48d9c625e35529f11423a6964197c3ebb08cb683c3dd36e0498e22383 |
| SHA512 | 22f6fd8860b297752c144b9cd3bda4710f60923a22474ab7d9db04ab97e22988e4609a11f1fa9062d599ea6a41d09f303552c7762b068a5ed2e0559da767de0c |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| Hash | Value |
|---|---|
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| Hash | Value |
|---|---|
| MD5 | 0b3d4c03fa38b64259839aeab61b5cec |
| SHA1 | 0b33ff5a11062047fd546cbf994b7281f1938dac |
| SHA256 | 3fe668d0d4cdbc05252abb4ef5c522c90c8939cfd2753d8b0ad78cecac15ab2f |
| SHA512 | fec3bd9770ce8e031ea01b5b81c6013955b034cde3b9021582715d85875f3ca9aaf3bb1debe5b522ad229bbf04b077cd972a9a81a8ad933fe36720996a552c6a |