Analysis Overview
Threat Level: Known bad
The file https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/ was found to be: Known bad.
Malicious Activity Summary
WarzoneRat, AveMaria
Warzone RAT payload
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-24 12:42
Signatures
Analysis: behavioral5
Detonation Overview
Submitted
2024-02-24 12:42
Reported
2024-02-24 12:44
Platform
win11-20240221-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca91d3cb8,0x7ffca91d3cc8,0x7ffca91d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4700 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rutube.ru | udp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| US | 8.8.8.8:53 | 148.233.248.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 87.250.250.121:443 | captcha-api.yandex.ru | tcp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 77.88.21.179:443 | ads.adfox.ru | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 178.154.131.216:443 | yastatic.net | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 87.250.250.121:443 | captcha-api.yandex.ru | tcp |
| US | 8.8.8.8:53 | 179.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.131.154.178.in-addr.arpa | udp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| RU | 193.17.93.93:443 | cdn.uxfeedback.ru | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| RU | 51.250.15.190:443 | api.expf.ru | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| RU | 178.248.234.78:443 | log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | log.rutube.ru | tcp |
| RU | 91.220.120.21:443 | pretarg.adhigh.net | tcp |
| RU | 193.17.93.93:443 | cdn.uxfeedback.ru | tcp |
| RU | 87.250.251.15:443 | log.strm.yandex.ru | tcp |
| RU | 193.106.95.138:443 | tracking.datadrivenpromotion.com | tcp |
| US | 104.22.40.74:443 | data.24smi.net | tcp |
| RU | 194.226.130.226:443 | tns-counter.ru | tcp |
| US | 188.114.96.2:443 | widget-api.uxfeedback.ru | tcp |
| US | 8.8.8.8:53 | 226.130.226.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pic.rutube.ru | udp |
| US | 8.8.8.8:53 | goya.rutube.ru | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 193.232.148.144:443 | px.adhigh.net | tcp |
| RU | 193.232.148.144:443 | px.adhigh.net | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 5.188.105.100:443 | api.vigo.one | tcp |
| RU | 178.248.233.148:443 | bl.rutube.ru | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 5.188.105.100:443 | api.vigo.one | tcp |
| RU | 185.62.100.8:443 | river-1.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 656bb397c72d15efa159441f116440a6 |
| SHA1 | 5b57747d6fdd99160af6d3e580114dbbd351921f |
| SHA256 | 770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab |
| SHA512 | 5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c |
\??\pipe\LOCAL\crashpad_4480_RQOELMHIDBOPQANW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d459a8c16562fb3f4b1d7cadaca620aa |
| SHA1 | 7810bf83e8c362e0c69298e8c16964ed48a90d3a |
| SHA256 | fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a |
| SHA512 | 35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d1115458e3d61098ebe62fc1fea585b |
| SHA1 | 824d4c67711dbd5f29d3f3c37afcb883ecb25f73 |
| SHA256 | 5127879b1bfd7076b479a34bdb7953745204725cac82ffe7b2878736ccde5d1b |
| SHA512 | 84e191c5de83b92323a38741215075874d378ed256b75f98000399827f6c9ae3f22fb3efd4910fe162747969a8a2f57ea9e972f99377056fe1269ae34ed790c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 46beaf80881d8c0218590e44b0d5187c |
| SHA1 | b167e1b5b63eedd536ff40207bb48cf40625bf22 |
| SHA256 | 6c030eff6b1ca1a838b2476b9f1deb81ea9cfcd32cecdfdaa372c2675f05eda5 |
| SHA512 | b6496caa5b765e076fea092e17dc57b31b27a55b2d3e3ece0984de742fa77acc5ebc47f9ca0ee6aa82ef8356ca98eda7848f22cd5930b53e1780643e4bec15a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a40383a949a4f780dab0cd16f5096b6 |
| SHA1 | 1a5dccf49a1db8f5c275872637198d0b7847d637 |
| SHA256 | a61e03b83446a89dda80417577acd7484553e96be4910f8b0510fb7a351c8676 |
| SHA512 | 512a93693822bcf9c651e83db420c41cef2cec8d84189732c633fba099f21dac4ae7151249eea44ccdf495cc4786e18343304cb9a31a8f2452dc86b4bfbaf792 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | bb35730aea8fb977109d4acaf13e623d |
| SHA1 | b8c0bf99d63c332c70fa1462eda1b3dbf11fa4f3 |
| SHA256 | 0e66b9615e3f05c6bf626b5a4be6d13b89718bfed2ec06273095821b40e4e734 |
| SHA512 | 8c431e2d9b628196f7ddc916beff8317ba0c5600f329d98ab7e3613bd71e0193d79a1a73eb32b711c3283222c032b5199d9211c46e721df1ca4f6036708dad93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cb20.TMP
| MD5 | e6760399a9eae32d90f4b3395bcc588a |
| SHA1 | fb3ae07b944887ced94144619138fcdf7a3ac262 |
| SHA256 | 233882f00682a9f823081c413e1b8242686acf6e9ba455f4101430eafd4c06f9 |
| SHA512 | 80bfd35d87f83d24738bec1b5517fcfcb00abc49309b1415dda3439ad5b8d283ca61385caf171caf004f33e4b6f1123768263451d6c6f3ec919cd52ba42df01d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt
| MD5 | a41b6a854ac1e06a8c9c4da343e06fcd |
| SHA1 | fbe2a5e2ada545900637b4389d0a3a2ddb27965d |
| SHA256 | cb0a4a34ead5c2b9db7f418c7c0a8286d408429202764301fe6d25da176c97e2 |
| SHA512 | d2126ae920b69269c82f28fb8fa5056c4f6e993e6b041a2756b020bb2f4add4605faddf77bd269c8d1654c96aecf469db0a82e53ec45f51684cf105379a3f72c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt
| MD5 | 08309019b7d5782518974f16133b0fa6 |
| SHA1 | beb950c875e04f5f03772046dce489772012ef9f |
| SHA256 | a1bb1a1729efc19eebeca40b3dce1dff32ee6e258f85a52a767b0bf62665318d |
| SHA512 | 261a2590b3a3363f4c28cd5d73a676aa815fa8822107ccf16acfcbf524d4b0f7aad6c4814fd4ae6f5f3b45f87ebe5f05d24e8deb8de9a54cbf8d9b26768a6006 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fcc6faf34aeddf3ba113f0ac0eba1e86 |
| SHA1 | a4daf4295a2d1d9416a738432b3a568d084bb89e |
| SHA256 | 9687bee37289b04814335f2470ca0814189c47e6bf03df7fe87d5fdfaa64434c |
| SHA512 | a32dd6c68e280b671a2a04a9f0de7808b439cb8b2c54551daf21b0d6134442b9ba815ab29f81e27ece9445595a946dcbfd545372ebbfcaa1e9c33079d093b6bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 20e2dbd1d481da818d614c6a0058f66a |
| SHA1 | c2889dc3e29e37c7fe35b953f21815cbc97b2a48 |
| SHA256 | ff67c837d653df5a8a841195ec91a19fc88ce3672b830be85d59bca1b3b73e34 |
| SHA512 | 6e633586cfb42b6e3a992c7bc862a79ddefec7aa4b117c2dafcffc16c2f9e86a101c46a32654deb5523e91c492416d075d6934a0f7e9c6d158fa54c34dd2e843 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 575b032fc894dec9474db48666bc4fb3 |
| SHA1 | 162ab6245e7b3ccc13ad4e423e019f487b670908 |
| SHA256 | e62ce333fdc0abccb7c1c07a2c5b4ab0ad7f8697441f92052e92798c21fcdf29 |
| SHA512 | d6225db24e6729ba3e9e8c9f81aa09bacdf1317c7ff52df3ec0150e07cac8dc59f97914c7e9295e3454bb64cb375117f7dd4dd2809cf7ac040ec678a45d69725 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831d9.TMP
| MD5 | b2cf3ad34910f714af1afcd4556bea85 |
| SHA1 | 96752ccf96f0409f2edc5e04ffdda577d5c68feb |
| SHA256 | 0f274c859f769ab109325a8e7339d8c0d46382531c573149467344e104c0ac74 |
| SHA512 | f7c76bacc4405003be8d8ae48a8bf1834af8be53eb670b4ec74e78de3afa7281806668c7f557f011cbaa7fd288ca024488d7de56d2b65edfd17cafbef9c6a0cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 92b82ee24b6b961469494b74f929b946 |
| SHA1 | e81060fd782f47d3bf7f32b258077bac7958b2ec |
| SHA256 | 23220ecd19143e363a8a383f64fd0eb836c89f0e5a63d1d7d867985c1bec832b |
| SHA512 | fbebf043805582c23cf3bbe57b3ec72fd5918682bb3a50ca40f67c031857b176bbfe81a09cdec39644e3b75f89541f4cde2d6d7452df0ed83abbfcd4e9cdd79d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 93d3342cb56b2119d2cfb7064e79e82c |
| SHA1 | 876499ccbae3e9d66feb4a8cd37f681f4074b56b |
| SHA256 | ee7edad14f45fbd81c09361587cb675899a43dd7eab7705e01befc85a553296f |
| SHA512 | 2ce6a27990445070a6987b451e821901348b8ec86e44e1a07f7409c9355a28822f110bdb7ae3da01934e12db16f88153582816ca3b5ceb5840627f82adf8c835 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1a5072d65d7a19427bb7b6bcf17da9b6 |
| SHA1 | d4379d4c20174b5478ea3c69fe7bd1a8ff92ecd3 |
| SHA256 | fa8b13d3fd57cd7b9caebfb1e2d0841f6d6bbc468cd24b47ca7c1dc8f7d96215 |
| SHA512 | 0ce11b6ae537070d9128cf445d97d7b7651731acecb869de20cfc341951bcdce37574f70ec5502e29dd539933f14d13f4a9d0a592350a3473eeb7b170f349f8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 49b9b2580905738c46aade76e6bd7a7e |
| SHA1 | bb35da1ef90984bf9ecc09ae785d8f9cf24564a6 |
| SHA256 | 6290c8faa758b1f1f0d68e189a926e764fd8dda7fa75bbe75196a2c1e4daf7fd |
| SHA512 | a4443ef082df1cb85c9d7fa83d7a63ba5903054030dc7aa2e97609b43302c0b3a13a0bdf5f634201c574d9802f30bad91245420e765d86091a57a74daa487947 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 51fc1e30779ba13c7b87dd0d120a122a |
| SHA1 | dac77709ec006e1a5a4c8d1cbd737c5d3dd68647 |
| SHA256 | 06d7414695cdf394f6b658baf761862475bda847189460d50f85d5e517076906 |
| SHA512 | b7a3fa00abb5ebd2a1d3e11b39a9188b0e3855b2b04e4cced66963507cc564688a582d7e39fda7b7bec299b295fc86b8d5620707de914a597ea995010b8c251e |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-24 12:42
Reported
2024-02-24 12:44
Platform
win10v2004-20240221-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
WarzoneRat, AveMaria
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
| N/A | N/A | C:\ProgramData\WinDefend.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Defender SmartScreen = "C:\\ProgramData\\WinDefend.exe" | C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eeb846f8,0x7ff9eeb84708,0x7ff9eeb84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x440 0x444
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5260 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Celesty\" -spe -an -ai#7zMap592:76:7zEvent22603
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Celesty\" -spe -an -ai#7zMap1012:76:7zEvent18191
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe
"C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe"
C:\ProgramData\WinDefend.exe
"C:\ProgramData\WinDefend.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-24 12:42
Reported
2024-02-24 12:44
Platform
win7-20240221-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000007831358f27df1ac3c998123472968da7d4d3f4061946704351ce3cfcd9b12adf000000000e8000000002000020000000f3c283a2ee71a2feb709e72497a27fd1b87ec761108a9602486e5287da1e12cb2000000044edd013478adae52723cf593d00a44a8a221fafe560811e0f1fe143ec2ad99040000000a4ab3bbcad4738069082222e3c079f85649829f79aa15ca99db4f416a54fbf7575f8c1fcf03afeebfa147f48c8ae5a1f71474c8cddf70d0451372df362e5065a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414940407" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2567DD61-D312-11EE-B2DC-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c7f2fc1e67da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2860 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 1960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
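The four WriteProcessMemory rows above are the IE frame process (PID 2860, iexplore.exe started with the submitted URL) writing into the tab process it spawned: the tab's command line carries SCODEF:2860, the writer's own PID, which is how Internet Explorer's frame process identifies itself to the content processes it launches. A parent-to-child write of that shape is part of IE's normal process model and is not by itself evidence of injection. The script below is an added triage check, not part of this report or of any sandbox's code: it pairs each "PID a wrote to memory of b" row with the listed command lines and labels the write as the IE frame/tab relationship when the target's SCODEF names the writer, and as a cross-process write otherwise. The report does not print PIDs beside the command lines, so assigning 1960 to the IEXPLORE.EXE tab process is an inference from the signature rows; the third process (PID 4444, payload.exe) and the fifth event are constructed to exercise the suspicious path and do not appear in the report.

```python
import re
from collections import Counter

# Command lines copied from the report's "Processes" section. PIDs are not printed
# there; 2860 -> frame process and 1960 -> tab process is inferred from the
# "PID 2860 wrote to memory of 1960" rows (assumption). PID 4444 is constructed.
PROCESSES = {
    2860: r'"C:\Program Files\Internet Explorer\iexplore.exe" https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/',
    1960: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2',
    4444: r'"C:\Users\Admin\AppData\Local\Temp\payload.exe"',  # constructed, not in the report
}

# Description column of the WriteProcessMemory signature: four rows from the
# report plus one constructed row aimed at the hypothetical PID above.
WRITE_EVENTS = [
    "PID 2860 wrote to memory of 1960",
    "PID 2860 wrote to memory of 1960",
    "PID 2860 wrote to memory of 1960",
    "PID 2860 wrote to memory of 1960",
    "PID 2860 wrote to memory of 4444",  # constructed
]

# Both IE images seen in the report (32-bit tab process, 64-bit frame process).
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

_EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_IMAGE_RE = re.compile(r'^"([^"]+)"')
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def image_of(cmdline):
    """Lower-cased image path from a quoted or bare command line."""
    m = _IMAGE_RE.match(cmdline)
    return (m.group(1) if m else cmdline.split()[0]).lower()


def classify_write(writer, target, processes):
    """Label one 'PID a wrote to memory of b' event.

    ie-frame-to-tab: both images are IE and the target's SCODEF is the writer's
    PID, i.e. the frame process initialising a tab process it started itself.
    cross-process-write: anything else between two known processes.
    """
    w, t = processes.get(writer), processes.get(target)
    if w is None or t is None:
        return "unknown-process"
    if image_of(w) in IE_IMAGES and image_of(t) in IE_IMAGES:
        m = _SCODEF_RE.search(t)
        if m and int(m.group(1)) == writer:
            return "ie-frame-to-tab"
    return "cross-process-write"


def triage(events, processes):
    """Count events per label so the signature can be summarised at a glance."""
    counts = Counter()
    for text in events:
        m = _EVENT_RE.search(text)
        if not m:
            counts["unparsed"] += 1
            continue
        counts[classify_write(int(m.group(1)), int(m.group(2)), processes)] += 1
    return dict(counts)


if __name__ == "__main__":
    print(triage(WRITE_EVENTS, PROCESSES))
```

Run it as-is to print the per-label counts. The same check is worth applying to every run that fires this signature: a write from a browser frame process into a non-browser image, or into a browser process whose SCODEF names a different PID, is the case that deserves a closer look, while frame-to-tab writes with matching SCODEF are expected noise from IE itself.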
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rutube.ru | udp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab984B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar9949.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c1c6720347964e21454d4a76b6e816c |
| SHA1 | 2621e94120b7eed990a92bf096bbb2a049dda22d |
| SHA256 | ac474ebe5adc5b8f79cf715a462544cdf26a8a8376d07b826a89bec3c2b404f3 |
| SHA512 | fd9e0f8dda381f0c487eec73e9f65fbc7bcdc3c17dde3c045b878d6b7b21ad55d0144f4327bcf093ddda77d97acd88f8c5da1c360cb069a1b388579b74f221c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 228bcdcaf060e4a24d387b6414279466 |
| SHA1 | 83035cce206d229650e117828e5a52cdbcda5965 |
| SHA256 | 83102c5e9e00c764cd7362969189bf572535059b1810f587a214a91173e8d3d9 |
| SHA512 | 4cbf49f6ee485619063ed1abc6749b010adf820b92771a295af912ee55c1e6a7672a46f5b458e60a41058f3f94445a13faf62031ab4d7a33de702c4bb6d32036 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dacc48cea1254ae0d6838e7a3a724e12 |
| SHA1 | 846dc4eb27cbbe684a8e0f4fbf5cddc10a0893a7 |
| SHA256 | 269b67023c1534a5b90e433dc1ae9fbcfb3cd6920b119f5302f5549822f9afc8 |
| SHA512 | a09896974fade522dfb12022c913ff9df7981db617ebc82a1daf89166bbb6444c0063164e19a2750f2d1da00903bf572c2635fd6c39a8692f36ecaa83427571c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bf92f922bcb83de8e515ac9c89c9890 |
| SHA1 | 45578a51279cf81ced22a9d6f7b32187a35bf41e |
| SHA256 | a600589eb53f456939ce983da8ec50edf138f580b6919fcd05393418327af42e |
| SHA512 | 1526b2b62e2bdac7101d6b8e5c0a0bd42312817fc6a90e97434c7ce6f2e0d497213bc3868693c873ebaac8109cb8df8ee7531f80bf933146f0be4ac7011da169 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8774ca34e69e6167861a0e91dac2377f |
| SHA1 | 7a5b3c31baaae52c2f0ebdb10f1e7159c08ab79e |
| SHA256 | a32b4466026ed64ed52d08d4893e8c96b7f60178d5f321bd87291062c00e3daa |
| SHA512 | 158cfa29a5e62302125d88ec18cb5c3f664b9cdc355d87f694671d386a843a81d4b51b0ab532aa9c626fcb39872a662cc26cf5f873b9631247274b27e32e2e5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06772cbd295b6f746657aa57754b00e6 |
| SHA1 | 01fd31ee27cef80ff2cb64a966f674c1efa8f588 |
| SHA256 | af6849b726e5297402bb3c3a47147779a11cae54fa6b3fbd1d84c5fe02b937b3 |
| SHA512 | b6c9288e395e7dc0be8dc8dd6a53f4387eb9d4eb35b44539206c48e7f85616da3993890abef737e79dee10a42cb5b212210ae8419c45ead9e96081b50f66f679 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | feeafa43df440476762c72a7d976746b |
| SHA1 | 081c387324c81dfe15448e950fd0cfd1cf3a6719 |
| SHA256 | de08e3594da4ff8d44061bb49dd6b16b5afd77e0da4de7fc692a801c804ea3c5 |
| SHA512 | 9de16c013140ebf4e5cd66cb93273915fd79686b564ed25b9ce4a725aeb90e67b659a99222f2263f6da2ead49b20b67bfe01021c92dfb946be5c8bbd63c0a2af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3844813afb860597b54356842d12a97f |
| SHA1 | e8caf7204a27ab85e8ebb4f8b72b51205429d886 |
| SHA256 | 31a59ab3764deb0eefc6f0c3ee9889eccea69dc1cadc3e6aabc4638c224e1431 |
| SHA512 | 531c1f29cf52309ed26ef046c65bfd1bf6b5c70d9649fb9d703ef75555c7a0dd4543ee1bae324169b58d9da90f5f7ed6e0d7800d5a4d777ea9a85599df416d56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d6d27e3fbb71ecd001c9e0aeba26e60 |
| SHA1 | 7f34bc6b145f01995e815e8611e3079085ec326e |
| SHA256 | c34241dcb2f7b5ae8e491b4a1477012008b79475d116b3dcd66c5a8ceaac1080 |
| SHA512 | 0701b74e962d526909f19a8e55183b4be8fc9949828fb81b8641e5ee04546c063348a098f97b959b807131ddcfc15cff79b74bbbe9fbc6d40b421fc2fff00318 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d71bf52e7410cfb78b8521f26660b47 |
| SHA1 | 5513786a09ae3d540cf43b3191a117d784d1ca19 |
| SHA256 | 507c24f819ea52a0ba4fe9da84b587f5dfccf7521bce456c05cfd31db5b004f6 |
| SHA512 | 7ccb5a3c8ec750a244eee77b35b83d272281f195821d2afcc6f951c102260e7d6c3f95f0d9651663b870cb435d6245f531af59eaef48f42102c46bdace190d59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a20875acd7463fbcf988232909ac932 |
| SHA1 | 5f27f428d647a88cdbf587e5f20d902403e8c516 |
| SHA256 | e02a893a45357c62c1146f42f898a2d56758e3956ef5a11c79fa6126a5259e61 |
| SHA512 | 08ab83c594e52c8805a9860f322b23a604191e09e85511088e3cda5a37a211ec71e43904f91e6e57a344b9e8533078d89b465af0b0034482bf780c6a86c905ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3fe2104bdcd8c5f72b075d3ef777bd1 |
| SHA1 | 19c91ca73441d85ffc419233dc7bf0b5df88dcac |
| SHA256 | 1a9de420ecaa52b7a6871f6eb5340dd8b104b52a18436046561830a3b4e0917f |
| SHA512 | f43dd591f82f64893f1fef6ade192606526e997d3800f956c8685a90665722f1af84810fc1e108c66eb8ac1a3316fa26217f1424fce6ce41e348eff2d873e34a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74bd8d4eec2355adc6b407ca08a0d814 |
| SHA1 | e5a42ddfd2c64537c862a1bde30742b489e776b5 |
| SHA256 | 04ac7014bf7bde0758d58e62498687b747b229d1d1b90f3a015632015b856955 |
| SHA512 | 5386cf775b76493793ea5a5cc952eacdd9e2f4398a3fa70c5a8ad07fdf4756e84971d7d33b780c30f93ff6c086c9dfa7f6fcfcab25f4cbf2dc8bb5b4dff0fcd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49c241ef0d669a1b3cb3f07923e29d9d |
| SHA1 | 2b0bef77101e0e3667a7acb861577188278818da |
| SHA256 | f7c0d9dcb5619ea8a8a2bb355b7e94d5a72b69bbee34999eca98a199fa25c95c |
| SHA512 | 660dcc9bdeb256c3be4dbd9b6ff1a289c3f1b7fbf34c7cae54b3438321487e248b02dc18b312f29c2c7945673a44571c44d95522361e3dfb21a7438a2cefcf46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a27d85949bbbfbe82daaac93932706d |
| SHA1 | 8bf44f0ec87ac4fe3842fceade302b3ec87c121a |
| SHA256 | 8bcd940f47cef80cae90a81e8a8c486f339b1d66637c91e3518f88b057ed0fc0 |
| SHA512 | f3281ef457cd0da0e9d3226bb6f2d3cb2764c6bc1e03792669c06b543644ffabc7f1536c2d3c8261daf6414586eb9d550500dba466b14cbfc346d09da085f45d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7abff6cd00271772ac6fde706e64b4cf |
| SHA1 | f40ae62ff62f2504286f855499a2e6755edb84ce |
| SHA256 | 5d70375ef287895eba38d1ce010208d3823ea690d137f603f696466041dcc1f8 |
| SHA512 | 36cc89b5d2ee9c9535ed97c5a8e7a59beac82515d6f4fd7d1415f56ca51aa7c78939d1661e675c03d5123deecb8e7c2abac0168b574f8927ad7ca64a78d665a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e40994ff3e53323f4efc993073d5fd7 |
| SHA1 | af4552ca53bd8d619354875ce46a7060a9e3176f |
| SHA256 | a97a05b841fde2f79103ac3d6247f874c71b6b0f9c07fae221654289e34a1d2e |
| SHA512 | a5f0a4b982ff6064799b58b2e82b400967755401aba05a997496b63af3f67153c06ee743bf6c3179a0b4982778f726d0bbd8cf2990d6c08d36ee4391b482bc2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f183995af2acebae39533f72a05bbcae |
| SHA1 | 7aaa33f1e8e4319384549c8a04bb4b19f4d1fae0 |
| SHA256 | 22de6147dd3fc03cab6b115dc7593d6b79d2b324ab4786f899d6e871ce2ec01e |
| SHA512 | b7b56ec5c27d86abf6d8a821ca14c75c46162eb2cc593a5d2f450b19f4f001d0e8bc8af4127afc07cfad60269a1295a5d1a0e31930d0769742890b6d848e7a94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c393c238da47d7d425c09a89b43a98f4 |
| SHA1 | 33fd16425c46c41f2f52a59c3f2be89a302638d2 |
| SHA256 | 7e8509ec20e58aa40a46893a5b3fea65a5fffba325cbbf4f229f7f7e2ec4c287 |
| SHA512 | 5920c3231911a2a43b6e73e0667583ea2948b348175efce8f9167362042e7cd2e11437519482a6dbdaa46def5ecd3f82d5ca533aba5f8cdc8eb86756c6f68dfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 191f2314dcf906bd1f6be47caa13c1bd |
| SHA1 | df069996e602fce0d0257fd3fa197fe9ad64083f |
| SHA256 | 1d8fe80868297b95da4abf8199b8be33877881362a5013b74de1c06466d980a3 |
| SHA512 | ee8576af7645f8efdee220df630170a4fa4d17cabe5177128fd07d31d6b3549e9cafa91c9e13d2fee5147eafeb9d1352aff9ea77c17f667f87db9b4bb1a8a34c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0232ff4cadfdb164bb42020ba68bf9d9 |
| SHA1 | 5f6b3c501f31c4f355ecd47ba99752e30c812fa5 |
| SHA256 | 7ae4a40ccff047691f6e57005b1aae1ec90d0ae186b48c51eaf8769dd0fe6ff5 |
| SHA512 | 4f2a9dfbdeeffb3c92368a1a13a3c51c8197ef07e9e3b3f51b93f5870fdda0c3d7208d0138d7266a22e7c8245f0017c509eb3e73963d438ba2b57597a964b61e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 152a4db424a67f78fb29828fd17095e0 |
| SHA1 | 19472300e1e6d6f156e4992a4d83b7acedc9b445 |
| SHA256 | b8a2a96d4942cbaf251a65020b6bdb32312bd135c053bad26dbcc303dd4297bb |
| SHA512 | e11a8e33e1a15b18d4501c04d8cd3181ce772498796b6f3a3cf8456fc706cb50fb19e72bf8947482be68f802c027cc4bb6c91e3145fe32db69ec2076b19a9587 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74ffb681d90cf2247e2aba7e215d44e2 |
| SHA1 | 2c249fed8e6326f5677996a1762e80022e5390ed |
| SHA256 | 68b382c4cb4414ea4088276700d56e8f28a91706c1c456209f4e0baac41d6ea3 |
| SHA512 | b0cf799f7f87c81d4b2d61f46b4811a7ff48dbada67d3418d5a1d09090fad6dcab5a84875183cde96c108ec878a82480ae090141d23f02146990a880f8637d37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 837d030937f512986df8101280497cb3 |
| SHA1 | b6dad2a5cbd388a20f8871b6f8d9b538373d153f |
| SHA256 | e31d013df7ab3ed65f3de6ec67ab5c588c19d7984abe074aac7e802d8d309ff7 |
| SHA512 | d2b47cae0d20b2a9ebeb12316c28b377c79a069823e8b0944a759569a0a20ea4c24127f4dcc65b765021f473ecc8827b14811de038f70a632901d12cc6ef3ffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6a5a986d3cc91e7363ddfac30985d7f |
| SHA1 | 85090add26f3dd6d4cd5eaa2fff5646db8e5a774 |
| SHA256 | ebf5a18161b83f1cb63aefd230675ad7d1815d9867ba42b7595c4b5ee92aebef |
| SHA512 | 2ab99b7cfb393e685a4edda6e4e17d5a733bf96e3d9ac0018320ee052cc680a6887d76957f4d9dce05e253314906193e8e2669b981cec5a77a75138ca3b9a181 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb064f726f79d19366d3225f64a861d0 |
| SHA1 | 93bd9c5ea8b06048358c06c087d28824caf4a24a |
| SHA256 | af5bfb2396f18622e4da07821e356b452e542798d163ccc3345fca7cdbd292a7 |
| SHA512 | b18a1f45d4065076aec9e3a34199d25cfb6319a2b56a04ede6fe391b5c26741f43a38680ebcab9f18baa95df4f282b62437b025914314b8163afccd27f60d37c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 759099b328ed09879456cb09fc74290a |
| SHA1 | f634ce13b62e4ad8e15928246bdbab5c6b6c5529 |
| SHA256 | 9f69bc4aeafa595c19161f7208c15b536ecabf3c19bd190caa1498f1f30c3646 |
| SHA512 | b11c8cd792987f52dbd2f47ad4650967226ed06eac7cb7dffb5bbe77341d5a62b3a368d914558dac5fef8c78ce0cb35b9e38c0afb27ce18458840e8b474e4970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdc2fd0600bb4927555dc2621796f596 |
| SHA1 | b4ca9d8c43c9002ef956ccd18ce65490917e2ea5 |
| SHA256 | 0d09bb7fbb1d91e7ec38d228f89b235bd86737bb4112dcac9647d0157c7b5a72 |
| SHA512 | a2420ce94fb47a0c896d1fb4a366f10f6ccfa0ccfc5a660f2a8d047ac28cb4c4cbecad9a3c5341c2c66cf220b743f0a3f140d7a327d0f02869ef6ec5f042c01e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36e73edb105b8cbdd9a3af84ec7215f2 |
| SHA1 | e65e0728c4c33223fbe89fbeb790a39e5a6be542 |
| SHA256 | f509067b114c9823e27bc62592048ff3a76ba292ca2276337ab79c96e197ebfb |
| SHA512 | 6adf2b14550c13949d7ca0d37a021f4a7d923e2bf7af4843d17b6e0e56137871ec0dfbb8866f15a1ac03d660e7d1bea9a93eb7aed411f28022ae31f5ebb04295 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a77e945fc2d11de15fbdeddca8e48366 |
| SHA1 | 21fe68615dfaebbab2ccfc0c24f961606fd4b124 |
| SHA256 | 6be625cdfcd668fda3981ed907053d081540818e901c0204c89099da5258cdcb |
| SHA512 | f64267323cba75fcc81b386051cf11c32b6f1f3b494eacb935473d102243187ccebb9569ad5fb3c54c15fb72d78260fda91290d6477055f200f7b3ad87b5d748 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-24 12:42
Reported
2024-02-24 12:44
Platform
win10-20240214-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rutube.ru\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000004042d2a402d808b2a2e275cb955e2c9600178022b669cfe39ffdf1a9ed9d884208a9395ca9c37737ccbfb9741e8001502945dac0aa2d8bac1509 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\MrtCache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "415558859" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rutube.ru\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2857f5e61e67da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0d556fc1e67da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{A1CBBA9F-E88D-4FBF-B7B4-C8A66F0FC387} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\rutube.ru\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0f3bcbed1e67da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rutube.ru | udp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| US | 8.8.8.8:53 | 148.233.248.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.rutube.ru | udp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | captcha-api.yandex.ru | udp |
| US | 8.8.8.8:53 | pic.rutubelist.ru | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | static.rutubelist.ru | udp |
| RU | 87.250.250.121:443 | captcha-api.yandex.ru | tcp |
| RU | 87.250.250.121:443 | captcha-api.yandex.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | 8.230.248.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.171:443 | www.bing.com | tcp |
| GB | 92.123.128.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.128.123.92.in-addr.arpa | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | 195.98.74.40.in-addr.arpa | udp |
Files
memory/4052-0-0x0000027817A20000-0x0000027817A30000-memory.dmp
memory/4052-16-0x0000027818200000-0x0000027818210000-memory.dmp
memory/4052-35-0x0000027817B70000-0x0000027817B72000-memory.dmp
memory/1936-61-0x000001F9C8D50000-0x000001F9C8D52000-memory.dmp
memory/1936-64-0x000001F9C8D80000-0x000001F9C8D82000-memory.dmp
memory/1936-66-0x000001F9C8DA0000-0x000001F9C8DA2000-memory.dmp
memory/1936-89-0x000001F9DA7A0000-0x000001F9DA7C0000-memory.dmp
memory/1936-93-0x000001F9DA650000-0x000001F9DA652000-memory.dmp
memory/1936-101-0x000001F9DA7E0000-0x000001F9DA7E2000-memory.dmp
memory/1936-105-0x000001F9DB2B0000-0x000001F9DB2B2000-memory.dmp
memory/1936-103-0x000001F9DB290000-0x000001F9DB292000-memory.dmp
memory/1936-107-0x000001F9DB2D0000-0x000001F9DB2D2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_96EEC010953ED454BBCDFA69FC071E7C
| MD5 | db8971f02d453ed728d80055bfd1887e |
| SHA1 | 31d2fafce0d79b7c264ab7c7ca49acc7ee9f418c |
| SHA256 | 75c9d9a7fca1f77b99c597c63ba99986caeca961fef22fe0bdfa2b5bb00bb86e |
| SHA512 | c4d717bd57a9ee60476a55bc4669b8ef4c8c8b3d443f47a244c29b4cf914791dd2dec0eb49e3a1bf82c511bef4c99d7ae77a6a8dfd112f6f8b15341a607fb9d0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_96EEC010953ED454BBCDFA69FC071E7C
| MD5 | 2b2df41ea506d099dae660dea260bac0 |
| SHA1 | 23cc402cb320018dd9b5b8caca7c76df495f0bdf |
| SHA256 | 1fcc43487ee1bfa0a9aa178338d7da0e4b88f46183a0ef5dac582c143e1aa185 |
| SHA512 | de586d41180b7be605b21cd4c316cb54e3ec0439730d6cfcf2f0ef09558db90c27068c3d8999e7166a34bd891485e5e3f5780be75c2fd7323679b2c6a756fad1 |
memory/1936-198-0x000001F9D9900000-0x000001F9D9A00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C60LALFB\rutube[1].xml
| MD5 | fe5102f260746c7a079debba2277f1a1 |
| SHA1 | 3f136582b7e7f2b0bce95697d69662a9edcfc17e |
| SHA256 | 40d371c19dd70be6fc42463f5273e7997f18d5f2c2d17ad3b12c1e2da08b28be |
| SHA512 | 4594b09f12ab65883ab03b4c2e66d56013f1b8fbf04e378fad07c2b9d252d7041da44f740acfc7e5a5df8dfe9b99f1d7f41be4e7188e0bfc3e63ef6fc8fc8b73 |
memory/1936-258-0x000001F9DA7C0000-0x000001F9DA7E0000-memory.dmp
memory/4052-300-0x000002781E0C0000-0x000002781E0C1000-memory.dmp
memory/4052-299-0x000002781E0A0000-0x000002781E0A1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DQXTSAGS\favicon[1].ico
| MD5 | d599f34da55144e04727c361220eda92 |
| SHA1 | c47550e02b17b4272d0f4813cb5c190a6661b81d |
| SHA256 | fc1f3d14e9a9ec6f41c6d1c2472a0c714c0a2a60f4c615139f248ef95d23f1cd |
| SHA512 | 0f5e2d9bccefe351b8e66eb4fa81a1f0ef7b35b18303005fa2105f3e6083480f3b038a8a75b2dca0a175ff3548b70aa58b60fee110fae25fa04655733c4ce366 |
memory/1936-327-0x000001F9C8C00000-0x000001F9C8C02000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3MEJIBA7\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VRFXOC48\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral4
Detonation Overview
Submitted
2024-02-24 12:42
Reported
2024-02-24 12:44
Platform
win10v2004-20240221-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff917c746f8,0x7ff917c74708,0x7ff917c74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x2ec
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rutube.ru | udp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.233.248.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.rutube.ru | udp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pic.rutubelist.ru | udp |
| US | 8.8.8.8:53 | 8.230.248.89.in-addr.arpa | udp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | captcha-api.yandex.ru | udp |
| RU | 5.255.255.70:443 | yandex.ru | tcp |
| RU | 87.250.250.121:443 | captcha-api.yandex.ru | tcp |
| RU | 5.255.255.70:443 | yandex.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | static.rutubelist.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 87.250.250.121:443 | captcha-api.yandex.ru | tcp |
| RU | 89.248.230.8:443 | static.rutubelist.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | cdn.uxfeedback.ru | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | ads.adfox.ru | udp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 193.17.93.93:443 | cdn.uxfeedback.ru | tcp |
| RU | 77.88.21.179:443 | ads.adfox.ru | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 121.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.255.255.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.247.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.93.17.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.21.88.77.in-addr.arpa | udp |
| RU | 193.17.93.93:443 | cdn.uxfeedback.ru | tcp |
| US | 8.8.8.8:53 | api.expf.ru | udp |
| US | 8.8.8.8:53 | log.rutube.ru | udp |
| RU | 51.250.15.190:443 | api.expf.ru | tcp |
| RU | 178.248.234.78:443 | log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | log.rutube.ru | tcp |
| US | 8.8.8.8:53 | pretarg.adhigh.net | udp |
| RU | 91.220.120.9:443 | pretarg.adhigh.net | tcp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.15.250.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.234.248.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget-api.uxfeedback.ru | udp |
| US | 8.8.8.8:53 | log.strm.yandex.ru | udp |
| US | 104.21.62.16:443 | widget-api.uxfeedback.ru | tcp |
| RU | 87.250.251.15:443 | log.strm.yandex.ru | tcp |
| US | 8.8.8.8:53 | tns-counter.ru | udp |
| RU | 194.226.130.229:443 | tns-counter.ru | tcp |
| US | 8.8.8.8:53 | tracking.datadrivenpromotion.com | udp |
| RU | 193.106.95.138:443 | tracking.datadrivenpromotion.com | tcp |
| US | 8.8.8.8:53 | data.24smi.net | udp |
| US | 104.22.41.74:443 | data.24smi.net | tcp |
| US | 8.8.8.8:53 | pic.rutube.ru | udp |
| US | 8.8.8.8:53 | goya.rutube.ru | udp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.120.220.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.62.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.130.226.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.95.106.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.41.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | www.tns-counter.ru | udp |
| US | 8.8.8.8:53 | px.adhigh.net | udp |
| RU | 194.190.76.45:443 | px.adhigh.net | tcp |
| RU | 194.190.76.45:443 | px.adhigh.net | tcp |
| US | 8.8.8.8:53 | api.vigo.one | udp |
| US | 8.8.8.8:53 | bl.rutube.ru | udp |
| RU | 5.188.105.100:443 | api.vigo.one | tcp |
| RU | 178.248.233.148:443 | bl.rutube.ru | tcp |
| US | 8.8.8.8:53 | cdn-st.ritm.media | udp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| RU | 193.17.93.93:443 | cdn-st.ritm.media | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| RU | 5.188.105.100:443 | api.vigo.one | tcp |
| US | 8.8.8.8:53 | river-1.rutube.ru | udp |
| RU | 185.62.100.8:443 | river-1.rutube.ru | tcp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.76.190.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.105.188.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.100.62.185.in-addr.arpa | udp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| US | 8.8.8.8:53 | 931221.log.rutube.ru | udp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 931221.log.rutube.ru | tcp |
| US | 8.8.8.8:53 | 4.202.245.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 941221.log.rutube.ru | udp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | goya.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 941221.log.rutube.ru | tcp |
| US | 8.8.8.8:53 | yast.rutube.ru | udp |
| RU | 89.248.230.8:443 | pic.rutube.ru | tcp |
| RU | 178.248.234.78:443 | yast.rutube.ru | tcp |
| RU | 178.248.234.78:443 | yast.rutube.ru | tcp |
| US | 8.8.8.8:53 | 951221.log.rutube.ru | udp |
| RU | 178.248.234.78:443 | yast.rutube.ru | tcp |
| RU | 87.245.202.4:443 | 951221.log.rutube.ru | tcp |
| RU | 178.248.234.78:443 | yast.rutube.ru | tcp |
| RU | 178.248.234.78:443 | yast.rutube.ru | tcp |
| RU | 178.248.234.78:443 | yast.rutube.ru | tcp |
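The rows above are what an analyst lifts into a watchlist, so it pays to separate real connections from noise first: the `in-addr.arpa` queries are reverse lookups of addresses, not new destinations; the `224.0.0.251:5353` row is local mDNS; the only non-443 connection is HTTP to apps.identrust.com; and in this run the remaining destinations are rutube.ru and the third-party hosts its page loads. The Python below is an added example of that triage over the table as printed. It is not part of the sandbox report or its tooling; the sample rows are a constructed subset copied from the table, and the column order (Country, Destination, Domain, Proto) is assumed from the header.

```python
"""Triage a sandbox "Network" table: separate DNS lookups, reverse-DNS noise
and multicast from real connections, then list destinations and non-443 ports."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the Network table,
# with the mDNS row in its four-column form.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | rutube.ru | udp |
| RU | 178.248.233.148:443 | rutube.ru | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.233.248.178.in-addr.arpa | udp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | static.rutube.ru | tcp |
| RU | 89.248.230.8:443 | pic.rutubelist.ru | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
"""

# Assumed column order: | Country | Destination | Domain | Proto |
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Turn table rows into dicts; the header row and anything unparseable is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["cc"] == "Country":
            continue
        ip, _, port = m["dst"].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                     "domain": m["domain"], "proto": m["proto"].lower()})
    return rows


def ptr_to_ip(name):
    """'148.233.248.178.in-addr.arpa' -> '178.248.233.148' (PTR names reverse the octets)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def triage(rows):
    dns, reverse, multicast, non_443 = set(), set(), set(), set()
    conns = defaultdict(set)  # "ip:port" -> domains the sandbox associated with it
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            (reverse if r["domain"].endswith(".in-addr.arpa") else dns).add(r["domain"])
        elif ipaddress.ip_address(r["ip"]).is_multicast:
            multicast.add(f"{r['ip']}:{r['port']}")
        else:
            key = f"{r['ip']}:{r['port']}"
            conns[key].add(r["domain"])
            if r["port"] != 443:  # anything not TLS on 443 deserves a look
                non_443.add(key)
    contacted = {k.rsplit(":", 1)[0] for k in conns}
    # Reverse lookups of addresses that never appear as a destination point at
    # traffic the table does not show, or at sandbox noise; either way, not an IOC.
    unmatched = sorted(ptr_to_ip(n) for n in reverse if ptr_to_ip(n) not in contacted)
    return {
        "dns_queries": sorted(dns),
        "reverse_lookups": len(reverse),
        "unmatched_reverse": unmatched,
        "multicast": sorted(multicast),
        "connections": {k: sorted(v) for k, v in sorted(conns.items())},
        "non_443": sorted(non_443),
    }


if __name__ == "__main__":
    for k, v in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{k}: {v}")
```

Run over the full table the same way; the `connections` map is the deduplicated destination list, and `non_443` and `unmatched_reverse` are the two places to look for anything that is not ordinary browser traffic.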
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d4c957a0a66b47d997435ead0940becf |
| SHA1 | 1aed2765dd971764b96455003851f8965e3ae07d |
| SHA256 | 53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163 |
| SHA512 | 19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc |
\??\pipe\LOCAL\crashpad_3872_WQDOPUZZZXGUNRZY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 343e73b39eb89ceab25618efc0cd8c8c |
| SHA1 | 6a5c7dcfd4cd4088793de6a3966aa914a07faf4c |
| SHA256 | 6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223 |
| SHA512 | 54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a3c8eaf-a163-4fea-8f60-831c71dc9181.tmp
| MD5 | 4ecad95117c1f83f7e131135c7a1a07a |
| SHA1 | 2ad019a7d90485fb84379cb149ea5981851ef8fd |
| SHA256 | bf785f1ba034344a4e13fda6316e2f82543aa0e25706fe960cac030a79032c4d |
| SHA512 | cdf460ddce905dfb071e6f92e6b8afb14a821d7d4fd83b2d3cd93f8db86b95caf6f4665de1b79b33c751d89bc4bc9c7a40db89a790aa79a54c456437498ee8bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9a0adcbfd1ad966d8ffa92f2885969c |
| SHA1 | ba964c9c9c006830429a8287f8f2b405e0b49461 |
| SHA256 | 7a9a1be4a81ab816c062954e1b8044f548bede4796be67e43fefe2b3c3d14701 |
| SHA512 | 85d562a39829d91c3236436c0d384e6e72ad2d69f9c86e41431908c065fe538055b11d730688e6ad579985a62be177ad7f8fd638b595bd0732bd7ac6a162d209 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f74b0da8-baa0-48e3-8740-e96ad44e2391.tmp
| MD5 | 9737acae1cddfc956deada7621dc92a5 |
| SHA1 | 8a05dd1b3fb81217f2c092732d6ab7c89e094e17 |
| SHA256 | 628730b02631235d17c8b5d74f77d1c47861cc2991f6c29da0b5d878ff08fd13 |
| SHA512 | 311937ff77dbca4780fc97c95764687a35955fdfe95e7db5d0bdae909cc32605830d6c192c3f3564047acf4ab5aae2656d19de4d3beee6bb0c5d6fca64045dab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 587e2b41319bd631c7c189456f525b84 |
| SHA1 | 77ca7edbb937b8da7d74b5e92791adfa8d87332f |
| SHA256 | 1fea752c1ff41c1b2e1c4b4f4b21cbc4f6a2b25e7fa1cab1caa5adeb631516ca |
| SHA512 | a725e36bb14a96669d9694bfc33e071ac9c909622e2f211d64816dc33fa6ad1e4b36bf49813898df695c04b0db48debe373810b5162b1dd0d890cbd4f9643f27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | af7639766e401447577074e55b7b4e88 |
| SHA1 | b59ee18abcf7471c54a63f6a8ea1222598e8e9c5 |
| SHA256 | 434ebada79f8f9b3a4a757ab549371ec768a2d7b9659c0251d480719e163a7f5 |
| SHA512 | 12c777f03fa85f348dc0002a176a65620d8f8274136b6351687520559f3112612c7969fe272a39734a25c37ca2a866cca55659202ef832f085ff1fc05efc4f93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579a4c.TMP
| MD5 | 2a897c872976a37ffb5b478f0d7e9e95 |
| SHA1 | 8afae258218db5de220d14dd0a89fc90c11fc4d8 |
| SHA256 | 4de59d7af74ad7e492cf72de2ad9096b4bc81eb61271a28e0da70027014d2504 |
| SHA512 | b70ad7746222135a312e88724f78bff4027444f7951364e41404c5cfb6a74771b0269490208628128c54b158d7434636f8f44fb3be3a502a60d164d73988c033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt
| MD5 | 0b45d797a75a1433c8afde7ebc44f4b6 |
| SHA1 | af0201d77eed584ac0461a43af59dcea7748e050 |
| SHA256 | bde070e54621dced9634c01bcadf071f6a9429456f9a9ac4d44c4148682fb14e |
| SHA512 | 0dc0d53de814b8a7fb4440e43b7868d94a06cd3ca5b216ef6a9ec226bd65a23b8997afb460fe56e74771e5e749f56ff95cea89592b9cc03aa9721da40834260a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt
| MD5 | 9adf88c68e343735b72ae3e0b3c6ef89 |
| SHA1 | ddb9e70171819a9eedb915d0a45c8aa1b68d5962 |
| SHA256 | 8b8451030b9ba23bac6c47c1b1b9637dc5ae750341d2a46f6d3223d58b81e096 |
| SHA512 | 28f428bb302c4146e27123a9c1a8e8a2a66b4fbdbfe14fe358fb46e83d7c8ad01a6731458370b2defcd1013160615831a01a45962573efe5fe76a4a52a925358 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 32fd8b0bf822b161f40b3539e550f0a5 |
| SHA1 | a22df8317eff7c4f9ffc62862508c34456437c9b |
| SHA256 | 19798ca130260af3eac67cabe41f4c5d8c2aeb10b4c94cb7642c63fd79061b40 |
| SHA512 | 6a706006d1fa28c8be74e960c5f130a1712b760ca76b34f0ca8f49deb49924962029fcdca53befdfe108c3f21c3ebc93fc3855694539b1f45d20fbbec520b9c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 67e8a8fb0eac20c43049879e19325ffc |
| SHA1 | 91b9f2d786713a81daa111c47b89f8d76a7db889 |
| SHA256 | 37590a214d98b5ae2dcce7de12bf1f0436d59bf0537e9c29b9555327e94f08cf |
| SHA512 | 4a0a0ea162fc87bf9a4adb70a09f387838e4d3ab0d959de12067cc0c792727cb8d17f0e433dde077e8dd01783350310ca5351b94b0ec3a1f982aa2ca0d63a8c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804dd.TMP
| MD5 | 3bb94d83826f503f6f69efb7fd2f92b8 |
| SHA1 | 22bd5f3399d37f950c2ba931c71c61567ce2ed19 |
| SHA256 | 798109c27bfaa5af5ce0e748e11dfc074e22aa3a4d4d817eb606cdc578421276 |
| SHA512 | c23cedc6e97e575b791414ba43ad7d2818c93a3109456d7e74f7f403a3dc552bc35d5a5ef1fff006396b4219aa72f0062bd03029e41f0131a7c4a65ba62ecf33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc5b21dd9f3a07ea7015e57b4cf20020 |
| SHA1 | 731b17aee73d0e9ce7f93d516c35e3b8bf548e52 |
| SHA256 | e3f87721c97382f5b67b6c3fdbfc0b4ba07094646fb7e0a4563680fa514cb2d3 |
| SHA512 | 18e2a614dad8e682001e26f3f8eaf4102514d27030154b1605424f98f85d19c51e37a54ff77e895e847c787ec3409cb5297fbc3a077363391625b0847885de57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c494002a569352048dbe7cca2a6a5e47 |
| SHA1 | 9c609c29a956707b90184f7dae6f2ae19a05e965 |
| SHA256 | 3b7c578d5dd4a695b26992666d68842e4420e735639714bd42c68250b9183386 |
| SHA512 | 919a9f55d0215ff0617d847495b7a47f1bb44a8a788fa4e3962c7161dfbbb8c365c322660e2a0a0e8a695c8c39f750e6043fdf5d36c3af11bd8fa227c1897c09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 676b9ecee2b2901f1a90b1139c5b8f55 |
| SHA1 | 431af37ea6db75c3992f0a9c3faf32c754fd82e6 |
| SHA256 | 6abb52c1a3e49060162c6aea21c5cc26a3f1d8a76401f83c8fd3d21a52a9fbd3 |
| SHA512 | 5cfc15ef8c97678ff4990d829df29f098acf7f20228dd0a79d9c8a2702577ade53da1fa6c3585fbc1bc2171b3f497f2bfebba8d4301ea1e2c3dc51e9a94212b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3f627179daae1daef232e7fb7c8a297f |
| SHA1 | 62a15e58c90976798b83b36990e4bd479c73b7a8 |
| SHA256 | 44abdf0d7e93a992abe32e5ae4eb06d8534b2ec9622f210966f10bccc2c223d9 |
| SHA512 | 78e9c9168559eb7e90256f11a57b179f2ff704512ef5a2d760e75d1cb7568f4b33c2ab9fa66e228ae42d17254e117ecb25c68d78af088ec4f439f1c894b09269 |
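Several paths in this list appear more than once with different digests (the file was rewritten during the run), and the crashpad named pipe carries the MD5, SHA-1, SHA-256 and SHA-512 of zero bytes, so copying these rows straight into an indicator set would produce matches that mean nothing. The Python below is an added check, not part of the report or its tooling: it parses the list as printed (a path line followed by its hash rows; the sample is a constructed subset of the entries above), derives the empty-input digests with hashlib instead of hardcoding them, and reports which entries are empty and which paths were written more than once.

```python
"""Sanity-check a sandbox "Files" list before lifting hashes into an IOC set:
flag digests of empty input and paths that were written more than once."""
import hashlib
import re
from collections import defaultdict

# Constructed sample: three entries copied from the Files list (raw string, so
# the Windows and NT object paths need no escaping).
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d4c957a0a66b47d997435ead0940becf |
| SHA1 | 1aed2765dd971764b96455003851f8965e3ae07d |
| SHA256 | 53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163 |
\??\pipe\LOCAL\crashpad_3872_WQDOPUZZZXGUNRZY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 343e73b39eb89ceab25618efc0cd8c8c |
| SHA1 | 6a5c7dcfd4cd4088793de6a3966aa914a07faf4c |
| SHA256 | 6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223 |
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero bytes, computed rather than pasted, so a typo cannot hide a miss.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_files(text):
    """Each non-table line starts an entry; the '| ALGO | hex |' rows under it are its digests."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1).upper()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def is_empty_file(entry):
    """True when every digest listed for the entry is the digest of zero bytes."""
    h = entry["hashes"]
    return bool(h) and all(h[algo] == EMPTY_DIGESTS[algo] for algo in h)


def triage_files(entries):
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["hashes"].get("SHA256"))
    return {
        "empty": [e["path"] for e in entries if is_empty_file(e)],
        # path -> number of distinct SHA-256 values seen for it during the run
        "rewritten": {p: len(set(hs)) for p, hs in by_path.items() if len(set(hs)) > 1},
        # digests that describe real content; whether they are indicators is a separate call
        "usable_sha256": sorted({e["hashes"]["SHA256"] for e in entries
                                 if "SHA256" in e["hashes"] and not is_empty_file(e)}),
    }


if __name__ == "__main__":
    for k, v in triage_files(parse_files(SAMPLE_FILES)).items():
        print(f"{k}: {v}")
```

The `rewritten` map matters when building detections: a path that was written several times has no single hash to pin, so the indicator, if any, is the path and the writing process, not the digest.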