Malware Analysis Report

2025-01-22 14:18

Sample ID 240224-pxa8esbh48
Target https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/
Tags: warzonerat infostealer persistence rat

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/ was found to be: Known bad.

Malicious Activity Summary

warzonerat infostealer persistence rat

WarzoneRat, AveMaria

Warzone RAT payload

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-24 12:42

Signatures

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-02-24 12:42

Reported: 2024-02-24 12:44

Platform: win11-20240221-en

Max time kernel: 145s

Max time network: 145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca91d3cb8,0x7ffca91d3cc8,0x7ffca91d3cd8

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4480 wrote to memory of 3056 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 3056 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1648 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1648 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4816 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca91d3cb8,0x7ffca91d3cc8,0x7ffca91d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5628 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,10371387347859615288,4589021322434649342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4700 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 rutube.ru udp
RU 178.248.233.148:443 rutube.ru tcp
US 8.8.8.8:53 148.233.248.178.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 87.250.250.121:443 captcha-api.yandex.ru tcp
RU 77.88.55.88:443 yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 yastatic.net udp
RU 87.250.247.181:443 avatars.mds.yandex.net tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 77.88.21.179:443 ads.adfox.ru tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 178.154.131.216:443 yastatic.net tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 87.250.250.121:443 captcha-api.yandex.ru tcp
US 8.8.8.8:53 179.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 216.131.154.178.in-addr.arpa udp
RU 87.240.129.133:443 vk.com tcp
RU 193.17.93.93:443 cdn.uxfeedback.ru tcp
GB 96.17.179.205:80 apps.identrust.com tcp
RU 51.250.15.190:443 api.expf.ru tcp
N/A 224.0.0.251:5353 N/A udp
RU 178.248.234.78:443 log.rutube.ru tcp
RU 178.248.234.78:443 log.rutube.ru tcp
RU 91.220.120.21:443 pretarg.adhigh.net tcp
RU 193.17.93.93:443 cdn.uxfeedback.ru tcp
RU 87.250.251.15:443 log.strm.yandex.ru tcp
RU 193.106.95.138:443 tracking.datadrivenpromotion.com tcp
US 104.22.40.74:443 data.24smi.net tcp
RU 194.226.130.226:443 tns-counter.ru tcp
US 188.114.96.2:443 widget-api.uxfeedback.ru tcp
US 8.8.8.8:53 226.130.226.194.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 pic.rutube.ru udp
US 8.8.8.8:53 goya.rutube.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 193.232.148.144:443 px.adhigh.net tcp
RU 193.232.148.144:443 px.adhigh.net tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
RU 5.188.105.100:443 api.vigo.one tcp
RU 178.248.233.148:443 bl.rutube.ru tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 5.188.105.100:443 api.vigo.one tcp
RU 185.62.100.8:443 river-1.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 89.248.230.8:443 pic.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 656bb397c72d15efa159441f116440a6
SHA1 5b57747d6fdd99160af6d3e580114dbbd351921f
SHA256 770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab
SHA512 5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

\??\pipe\LOCAL\crashpad_4480_RQOELMHIDBOPQANW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d459a8c16562fb3f4b1d7cadaca620aa
SHA1 7810bf83e8c362e0c69298e8c16964ed48a90d3a
SHA256 fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a
SHA512 35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d1115458e3d61098ebe62fc1fea585b
SHA1 824d4c67711dbd5f29d3f3c37afcb883ecb25f73
SHA256 5127879b1bfd7076b479a34bdb7953745204725cac82ffe7b2878736ccde5d1b
SHA512 84e191c5de83b92323a38741215075874d378ed256b75f98000399827f6c9ae3f22fb3efd4910fe162747969a8a2f57ea9e972f99377056fe1269ae34ed790c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 46beaf80881d8c0218590e44b0d5187c
SHA1 b167e1b5b63eedd536ff40207bb48cf40625bf22
SHA256 6c030eff6b1ca1a838b2476b9f1deb81ea9cfcd32cecdfdaa372c2675f05eda5
SHA512 b6496caa5b765e076fea092e17dc57b31b27a55b2d3e3ece0984de742fa77acc5ebc47f9ca0ee6aa82ef8356ca98eda7848f22cd5930b53e1780643e4bec15a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a40383a949a4f780dab0cd16f5096b6
SHA1 1a5dccf49a1db8f5c275872637198d0b7847d637
SHA256 a61e03b83446a89dda80417577acd7484553e96be4910f8b0510fb7a351c8676
SHA512 512a93693822bcf9c651e83db420c41cef2cec8d84189732c633fba099f21dac4ae7151249eea44ccdf495cc4786e18343304cb9a31a8f2452dc86b4bfbaf792

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 bb35730aea8fb977109d4acaf13e623d
SHA1 b8c0bf99d63c332c70fa1462eda1b3dbf11fa4f3
SHA256 0e66b9615e3f05c6bf626b5a4be6d13b89718bfed2ec06273095821b40e4e734
SHA512 8c431e2d9b628196f7ddc916beff8317ba0c5600f329d98ab7e3613bd71e0193d79a1a73eb32b711c3283222c032b5199d9211c46e721df1ca4f6036708dad93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cb20.TMP

MD5 e6760399a9eae32d90f4b3395bcc588a
SHA1 fb3ae07b944887ced94144619138fcdf7a3ac262
SHA256 233882f00682a9f823081c413e1b8242686acf6e9ba455f4101430eafd4c06f9
SHA512 80bfd35d87f83d24738bec1b5517fcfcb00abc49309b1415dda3439ad5b8d283ca61385caf171caf004f33e4b6f1123768263451d6c6f3ec919cd52ba42df01d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt

MD5 a41b6a854ac1e06a8c9c4da343e06fcd
SHA1 fbe2a5e2ada545900637b4389d0a3a2ddb27965d
SHA256 cb0a4a34ead5c2b9db7f418c7c0a8286d408429202764301fe6d25da176c97e2
SHA512 d2126ae920b69269c82f28fb8fa5056c4f6e993e6b041a2756b020bb2f4add4605faddf77bd269c8d1654c96aecf469db0a82e53ec45f51684cf105379a3f72c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt

MD5 08309019b7d5782518974f16133b0fa6
SHA1 beb950c875e04f5f03772046dce489772012ef9f
SHA256 a1bb1a1729efc19eebeca40b3dce1dff32ee6e258f85a52a767b0bf62665318d
SHA512 261a2590b3a3363f4c28cd5d73a676aa815fa8822107ccf16acfcbf524d4b0f7aad6c4814fd4ae6f5f3b45f87ebe5f05d24e8deb8de9a54cbf8d9b26768a6006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fcc6faf34aeddf3ba113f0ac0eba1e86
SHA1 a4daf4295a2d1d9416a738432b3a568d084bb89e
SHA256 9687bee37289b04814335f2470ca0814189c47e6bf03df7fe87d5fdfaa64434c
SHA512 a32dd6c68e280b671a2a04a9f0de7808b439cb8b2c54551daf21b0d6134442b9ba815ab29f81e27ece9445595a946dcbfd545372ebbfcaa1e9c33079d093b6bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 20e2dbd1d481da818d614c6a0058f66a
SHA1 c2889dc3e29e37c7fe35b953f21815cbc97b2a48
SHA256 ff67c837d653df5a8a841195ec91a19fc88ce3672b830be85d59bca1b3b73e34
SHA512 6e633586cfb42b6e3a992c7bc862a79ddefec7aa4b117c2dafcffc16c2f9e86a101c46a32654deb5523e91c492416d075d6934a0f7e9c6d158fa54c34dd2e843

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 575b032fc894dec9474db48666bc4fb3
SHA1 162ab6245e7b3ccc13ad4e423e019f487b670908
SHA256 e62ce333fdc0abccb7c1c07a2c5b4ab0ad7f8697441f92052e92798c21fcdf29
SHA512 d6225db24e6729ba3e9e8c9f81aa09bacdf1317c7ff52df3ec0150e07cac8dc59f97914c7e9295e3454bb64cb375117f7dd4dd2809cf7ac040ec678a45d69725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831d9.TMP

MD5 b2cf3ad34910f714af1afcd4556bea85
SHA1 96752ccf96f0409f2edc5e04ffdda577d5c68feb
SHA256 0f274c859f769ab109325a8e7339d8c0d46382531c573149467344e104c0ac74
SHA512 f7c76bacc4405003be8d8ae48a8bf1834af8be53eb670b4ec74e78de3afa7281806668c7f557f011cbaa7fd288ca024488d7de56d2b65edfd17cafbef9c6a0cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 92b82ee24b6b961469494b74f929b946
SHA1 e81060fd782f47d3bf7f32b258077bac7958b2ec
SHA256 23220ecd19143e363a8a383f64fd0eb836c89f0e5a63d1d7d867985c1bec832b
SHA512 fbebf043805582c23cf3bbe57b3ec72fd5918682bb3a50ca40f67c031857b176bbfe81a09cdec39644e3b75f89541f4cde2d6d7452df0ed83abbfcd4e9cdd79d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93d3342cb56b2119d2cfb7064e79e82c
SHA1 876499ccbae3e9d66feb4a8cd37f681f4074b56b
SHA256 ee7edad14f45fbd81c09361587cb675899a43dd7eab7705e01befc85a553296f
SHA512 2ce6a27990445070a6987b451e821901348b8ec86e44e1a07f7409c9355a28822f110bdb7ae3da01934e12db16f88153582816ca3b5ceb5840627f82adf8c835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1a5072d65d7a19427bb7b6bcf17da9b6
SHA1 d4379d4c20174b5478ea3c69fe7bd1a8ff92ecd3
SHA256 fa8b13d3fd57cd7b9caebfb1e2d0841f6d6bbc468cd24b47ca7c1dc8f7d96215
SHA512 0ce11b6ae537070d9128cf445d97d7b7651731acecb869de20cfc341951bcdce37574f70ec5502e29dd539933f14d13f4a9d0a592350a3473eeb7b170f349f8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 49b9b2580905738c46aade76e6bd7a7e
SHA1 bb35da1ef90984bf9ecc09ae785d8f9cf24564a6
SHA256 6290c8faa758b1f1f0d68e189a926e764fd8dda7fa75bbe75196a2c1e4daf7fd
SHA512 a4443ef082df1cb85c9d7fa83d7a63ba5903054030dc7aa2e97609b43302c0b3a13a0bdf5f634201c574d9802f30bad91245420e765d86091a57a74daa487947

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 51fc1e30779ba13c7b87dd0d120a122a
SHA1 dac77709ec006e1a5a4c8d1cbd737c5d3dd68647
SHA256 06d7414695cdf394f6b658baf761862475bda847189460d50f85d5e517076906
SHA512 b7a3fa00abb5ebd2a1d3e11b39a9188b0e3855b2b04e4cced66963507cc564688a582d7e39fda7b7bec299b295fc86b8d5620707de914a597ea995010b8c251e

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 12:42

Reported

2024-02-24 12:44

Platform

win10v2004-20240221-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

Signatures

WarzoneRat, AveMaria

rat infostealer warzonerat

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe N/A
N/A N/A C:\ProgramData\WinDefend.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Defender SmartScreen = "C:\\ProgramData\\WinDefend.exe" C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3756 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 4140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3756 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eeb846f8,0x7ff9eeb84708,0x7ff9eeb84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x440 0x444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5260 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Celesty\" -spe -an -ai#7zMap592:76:7zEvent22603

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Celesty\" -spe -an -ai#7zMap1012:76:7zEvent18191

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16728648591090411376,16944949105708561687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2

C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe

"C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe"

C:\ProgramData\WinDefend.exe

"C:\ProgramData\WinDefend.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 rutube.ru udp
RU 178.248.233.148:443 rutube.ru tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 148.233.248.178.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3756_BHUFQHMTFQAXKJFO

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585b2b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586d8a.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d4e9c654-eaba-4ab9-8d0f-9743535eca68.tmp

C:\Users\Admin\Downloads\Celesty.zip

MD5 fedc3a27375f81cd890d658678e07058
SHA1 b08bf3e9df71d4b8c1f37843a122a205b16c52f5
SHA256 e2098968949c37b9ccdfe772dd68325316720840fc6c9e7b014fbf2ba51c7425
SHA512 dfabe2fcd27f091dccc9336d5e2a9ff587385332fce2e5244aa2f7dbe65f79f7d8007ee5bbfeca4948ef4e57200f3855b0d7f758774bc80d02abbd6585081344

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Celesty\Celesty Binder v1 0 .exe

MD5 48b8111a615d7c128bdbee812e202485
SHA1 18609579af28054974db5bb2ce48e931f662eb91
SHA256 7e6770f76a63eb2ab3cc1bdf182f051a17e906d26edb1a4749bb229d49d22711
SHA512 d6386be8e1958c6a8d7a000f19d3eec5a706e35137eed38e064a5e16b0036a6a4a948ff8495b25c44acd4d571dac8eea08405d68e0d592d128cefdbffe7ce183

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-24 12:42

Reported

2024-02-24 12:44

Platform

win7-20240221-en

Max time kernel

120s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000007831358f27df1ac3c998123472968da7d4d3f4061946704351ce3cfcd9b12adf000000000e8000000002000020000000f3c283a2ee71a2feb709e72497a27fd1b87ec761108a9602486e5287da1e12cb2000000044edd013478adae52723cf593d00a44a8a221fafe560811e0f1fe143ec2ad99040000000a4ab3bbcad4738069082222e3c079f85649829f79aa15ca99db4f416a54fbf7575f8c1fcf03afeebfa147f48c8ae5a1f71474c8cddf70d0451372df362e5065a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414940407" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2567DD61-D312-11EE-B2DC-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c7f2fc1e67da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 rutube.ru udp
RU 178.248.233.148:443 rutube.ru tcp
RU 178.248.233.148:443 rutube.ru tcp
RU 178.248.233.148:443 rutube.ru tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab984B.tmp

C:\Users\Admin\AppData\Local\Temp\Tar9949.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

SHA512 b0cf799f7f87c81d4b2d61f46b4811a7ff48dbada67d3418d5a1d09090fad6dcab5a84875183cde96c108ec878a82480ae090141d23f02146990a880f8637d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 837d030937f512986df8101280497cb3
SHA1 b6dad2a5cbd388a20f8871b6f8d9b538373d153f
SHA256 e31d013df7ab3ed65f3de6ec67ab5c588c19d7984abe074aac7e802d8d309ff7
SHA512 d2b47cae0d20b2a9ebeb12316c28b377c79a069823e8b0944a759569a0a20ea4c24127f4dcc65b765021f473ecc8827b14811de038f70a632901d12cc6ef3ffb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6a5a986d3cc91e7363ddfac30985d7f
SHA1 85090add26f3dd6d4cd5eaa2fff5646db8e5a774
SHA256 ebf5a18161b83f1cb63aefd230675ad7d1815d9867ba42b7595c4b5ee92aebef
SHA512 2ab99b7cfb393e685a4edda6e4e17d5a733bf96e3d9ac0018320ee052cc680a6887d76957f4d9dce05e253314906193e8e2669b981cec5a77a75138ca3b9a181

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb064f726f79d19366d3225f64a861d0
SHA1 93bd9c5ea8b06048358c06c087d28824caf4a24a
SHA256 af5bfb2396f18622e4da07821e356b452e542798d163ccc3345fca7cdbd292a7
SHA512 b18a1f45d4065076aec9e3a34199d25cfb6319a2b56a04ede6fe391b5c26741f43a38680ebcab9f18baa95df4f282b62437b025914314b8163afccd27f60d37c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 759099b328ed09879456cb09fc74290a
SHA1 f634ce13b62e4ad8e15928246bdbab5c6b6c5529
SHA256 9f69bc4aeafa595c19161f7208c15b536ecabf3c19bd190caa1498f1f30c3646
SHA512 b11c8cd792987f52dbd2f47ad4650967226ed06eac7cb7dffb5bbe77341d5a62b3a368d914558dac5fef8c78ce0cb35b9e38c0afb27ce18458840e8b474e4970

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdc2fd0600bb4927555dc2621796f596
SHA1 b4ca9d8c43c9002ef956ccd18ce65490917e2ea5
SHA256 0d09bb7fbb1d91e7ec38d228f89b235bd86737bb4112dcac9647d0157c7b5a72
SHA512 a2420ce94fb47a0c896d1fb4a366f10f6ccfa0ccfc5a660f2a8d047ac28cb4c4cbecad9a3c5341c2c66cf220b743f0a3f140d7a327d0f02869ef6ec5f042c01e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36e73edb105b8cbdd9a3af84ec7215f2
SHA1 e65e0728c4c33223fbe89fbeb790a39e5a6be542
SHA256 f509067b114c9823e27bc62592048ff3a76ba292ca2276337ab79c96e197ebfb
SHA512 6adf2b14550c13949d7ca0d37a021f4a7d923e2bf7af4843d17b6e0e56137871ec0dfbb8866f15a1ac03d660e7d1bea9a93eb7aed411f28022ae31f5ebb04295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a77e945fc2d11de15fbdeddca8e48366
SHA1 21fe68615dfaebbab2ccfc0c24f961606fd4b124
SHA256 6be625cdfcd668fda3981ed907053d081540818e901c0204c89099da5258cdcb
SHA512 f64267323cba75fcc81b386051cf11c32b6f1f3b494eacb935473d102243187ccebb9569ad5fb3c54c15fb72d78260fda91290d6477055f200f7b3ad87b5d748

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-24 12:42

Reported

2024-02-24 12:44

Platform

win10-20240214-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rutube.ru\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000004042d2a402d808b2a2e275cb955e2c9600178022b669cfe39ffdf1a9ed9d884208a9395ca9c37737ccbfb9741e8001502945dac0aa2d8bac1509 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "415558859" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rutube.ru\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2857f5e61e67da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0d556fc1e67da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{A1CBBA9F-E88D-4FBF-B7B4-C8A66F0FC387} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\rutube.ru\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0f3bcbed1e67da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2180 wrote to memory of 1936 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network


Files

memory/4052-0-0x0000027817A20000-0x0000027817A30000-memory.dmp

memory/4052-16-0x0000027818200000-0x0000027818210000-memory.dmp

memory/4052-35-0x0000027817B70000-0x0000027817B72000-memory.dmp

memory/1936-61-0x000001F9C8D50000-0x000001F9C8D52000-memory.dmp

memory/1936-64-0x000001F9C8D80000-0x000001F9C8D82000-memory.dmp

memory/1936-66-0x000001F9C8DA0000-0x000001F9C8DA2000-memory.dmp

memory/1936-89-0x000001F9DA7A0000-0x000001F9DA7C0000-memory.dmp

memory/1936-93-0x000001F9DA650000-0x000001F9DA652000-memory.dmp

memory/1936-101-0x000001F9DA7E0000-0x000001F9DA7E2000-memory.dmp

memory/1936-105-0x000001F9DB2B0000-0x000001F9DB2B2000-memory.dmp

memory/1936-103-0x000001F9DB290000-0x000001F9DB292000-memory.dmp

memory/1936-107-0x000001F9DB2D0000-0x000001F9DB2D2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_96EEC010953ED454BBCDFA69FC071E7C

MD5 db8971f02d453ed728d80055bfd1887e
SHA1 31d2fafce0d79b7c264ab7c7ca49acc7ee9f418c
SHA256 75c9d9a7fca1f77b99c597c63ba99986caeca961fef22fe0bdfa2b5bb00bb86e
SHA512 c4d717bd57a9ee60476a55bc4669b8ef4c8c8b3d443f47a244c29b4cf914791dd2dec0eb49e3a1bf82c511bef4c99d7ae77a6a8dfd112f6f8b15341a607fb9d0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_96EEC010953ED454BBCDFA69FC071E7C

MD5 2b2df41ea506d099dae660dea260bac0
SHA1 23cc402cb320018dd9b5b8caca7c76df495f0bdf
SHA256 1fcc43487ee1bfa0a9aa178338d7da0e4b88f46183a0ef5dac582c143e1aa185
SHA512 de586d41180b7be605b21cd4c316cb54e3ec0439730d6cfcf2f0ef09558db90c27068c3d8999e7166a34bd891485e5e3f5780be75c2fd7323679b2c6a756fad1

memory/1936-198-0x000001F9D9900000-0x000001F9D9A00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C60LALFB\rutube[1].xml

MD5 fe5102f260746c7a079debba2277f1a1
SHA1 3f136582b7e7f2b0bce95697d69662a9edcfc17e
SHA256 40d371c19dd70be6fc42463f5273e7997f18d5f2c2d17ad3b12c1e2da08b28be
SHA512 4594b09f12ab65883ab03b4c2e66d56013f1b8fbf04e378fad07c2b9d252d7041da44f740acfc7e5a5df8dfe9b99f1d7f41be4e7188e0bfc3e63ef6fc8fc8b73

memory/1936-258-0x000001F9DA7C0000-0x000001F9DA7E0000-memory.dmp

memory/4052-300-0x000002781E0C0000-0x000002781E0C1000-memory.dmp

memory/4052-299-0x000002781E0A0000-0x000002781E0A1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DQXTSAGS\favicon[1].ico

MD5 d599f34da55144e04727c361220eda92
SHA1 c47550e02b17b4272d0f4813cb5c190a6661b81d
SHA256 fc1f3d14e9a9ec6f41c6d1c2472a0c714c0a2a60f4c615139f248ef95d23f1cd
SHA512 0f5e2d9bccefe351b8e66eb4fa81a1f0ef7b35b18303005fa2105f3e6083480f3b038a8a75b2dca0a175ff3548b70aa58b60fee110fae25fa04655733c4ce366

memory/1936-327-0x000001F9C8C00000-0x000001F9C8C02000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3MEJIBA7\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VRFXOC48\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-24 12:42

Reported

2024-02-24 12:44

Platform

win10v2004-20240221-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3872 wrote to memory of 3680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 3680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3872 wrote to memory of 1212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rutube.ru/video/a13eccd706653d911c9bfc7cf470ea2f/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff917c746f8,0x7ff917c74708,0x7ff917c74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3dc 0x2ec

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10968138169832891988,408000673582735542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 rutube.ru udp
RU 178.248.233.148:443 rutube.ru tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
RU 178.248.233.148:443 rutube.ru tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 148.233.248.178.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 static.rutube.ru udp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 pic.rutubelist.ru udp
US 8.8.8.8:53 8.230.248.89.in-addr.arpa udp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
US 8.8.8.8:53 yandex.ru udp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
US 8.8.8.8:53 captcha-api.yandex.ru udp
RU 5.255.255.70:443 yandex.ru tcp
RU 87.250.250.121:443 captcha-api.yandex.ru tcp
RU 5.255.255.70:443 yandex.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
US 8.8.8.8:53 static.rutubelist.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 87.250.250.121:443 captcha-api.yandex.ru tcp
RU 89.248.230.8:443 static.rutubelist.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 cdn.uxfeedback.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 vk.com udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 yastatic.net udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 ads.adfox.ru udp
RU 87.250.247.181:443 avatars.mds.yandex.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 178.154.131.217:443 yastatic.net tcp
RU 193.17.93.93:443 cdn.uxfeedback.ru tcp
RU 77.88.21.179:443 ads.adfox.ru tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 121.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 70.255.255.5.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 67.132.240.87.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 217.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 181.247.250.87.in-addr.arpa udp
US 8.8.8.8:53 93.93.17.193.in-addr.arpa udp
US 8.8.8.8:53 179.21.88.77.in-addr.arpa udp
RU 193.17.93.93:443 cdn.uxfeedback.ru tcp
US 8.8.8.8:53 api.expf.ru udp
US 8.8.8.8:53 log.rutube.ru udp
RU 51.250.15.190:443 api.expf.ru tcp
RU 178.248.234.78:443 log.rutube.ru tcp
RU 178.248.234.78:443 log.rutube.ru tcp
US 8.8.8.8:53 pretarg.adhigh.net udp
RU 91.220.120.9:443 pretarg.adhigh.net tcp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 190.15.250.51.in-addr.arpa udp
US 8.8.8.8:53 78.234.248.178.in-addr.arpa udp
US 8.8.8.8:53 widget-api.uxfeedback.ru udp
US 8.8.8.8:53 log.strm.yandex.ru udp
US 104.21.62.16:443 widget-api.uxfeedback.ru tcp
RU 87.250.251.15:443 log.strm.yandex.ru tcp
US 8.8.8.8:53 tns-counter.ru udp
RU 194.226.130.229:443 tns-counter.ru tcp
US 8.8.8.8:53 tracking.datadrivenpromotion.com udp
RU 193.106.95.138:443 tracking.datadrivenpromotion.com tcp
US 8.8.8.8:53 data.24smi.net udp
US 104.22.41.74:443 data.24smi.net tcp
US 8.8.8.8:53 pic.rutube.ru udp
US 8.8.8.8:53 goya.rutube.ru udp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.120.220.91.in-addr.arpa udp
US 8.8.8.8:53 16.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 229.130.226.194.in-addr.arpa udp
US 8.8.8.8:53 138.95.106.193.in-addr.arpa udp
US 8.8.8.8:53 74.41.22.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 www.tns-counter.ru udp
US 8.8.8.8:53 px.adhigh.net udp
RU 194.190.76.45:443 px.adhigh.net tcp
RU 194.190.76.45:443 px.adhigh.net tcp
US 8.8.8.8:53 api.vigo.one udp
US 8.8.8.8:53 bl.rutube.ru udp
RU 5.188.105.100:443 api.vigo.one tcp
RU 178.248.233.148:443 bl.rutube.ru tcp
US 8.8.8.8:53 cdn-st.ritm.media udp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:443 counter.yadro.ru tcp
RU 5.188.105.100:443 api.vigo.one tcp
US 8.8.8.8:53 river-1.rutube.ru udp
RU 185.62.100.8:443 river-1.rutube.ru tcp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 45.76.190.194.in-addr.arpa udp
US 8.8.8.8:53 100.105.188.5.in-addr.arpa udp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 8.100.62.185.in-addr.arpa udp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
US 8.8.8.8:53 931221.log.rutube.ru udp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 931221.log.rutube.ru tcp
US 8.8.8.8:53 4.202.245.87.in-addr.arpa udp
US 8.8.8.8:53 941221.log.rutube.ru udp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
RU 178.248.234.78:443 goya.rutube.ru tcp
RU 87.245.202.4:443 941221.log.rutube.ru tcp
US 8.8.8.8:53 yast.rutube.ru udp
RU 89.248.230.8:443 pic.rutube.ru tcp
RU 178.248.234.78:443 yast.rutube.ru tcp
RU 178.248.234.78:443 yast.rutube.ru tcp
US 8.8.8.8:53 951221.log.rutube.ru udp
RU 178.248.234.78:443 yast.rutube.ru tcp
RU 87.245.202.4:443 951221.log.rutube.ru tcp
RU 178.248.234.78:443 yast.rutube.ru tcp
RU 178.248.234.78:443 yast.rutube.ru tcp
RU 178.248.234.78:443 yast.rutube.ru tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d4c957a0a66b47d997435ead0940becf
SHA1 1aed2765dd971764b96455003851f8965e3ae07d
SHA256 53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163
SHA512 19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

\??\pipe\LOCAL\crashpad_3872_WQDOPUZZZXGUNRZY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 343e73b39eb89ceab25618efc0cd8c8c
SHA1 6a5c7dcfd4cd4088793de6a3966aa914a07faf4c
SHA256 6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223
SHA512 54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a3c8eaf-a163-4fea-8f60-831c71dc9181.tmp

MD5 4ecad95117c1f83f7e131135c7a1a07a
SHA1 2ad019a7d90485fb84379cb149ea5981851ef8fd
SHA256 bf785f1ba034344a4e13fda6316e2f82543aa0e25706fe960cac030a79032c4d
SHA512 cdf460ddce905dfb071e6f92e6b8afb14a821d7d4fd83b2d3cd93f8db86b95caf6f4665de1b79b33c751d89bc4bc9c7a40db89a790aa79a54c456437498ee8bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9a0adcbfd1ad966d8ffa92f2885969c
SHA1 ba964c9c9c006830429a8287f8f2b405e0b49461
SHA256 7a9a1be4a81ab816c062954e1b8044f548bede4796be67e43fefe2b3c3d14701
SHA512 85d562a39829d91c3236436c0d384e6e72ad2d69f9c86e41431908c065fe538055b11d730688e6ad579985a62be177ad7f8fd638b595bd0732bd7ac6a162d209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f74b0da8-baa0-48e3-8740-e96ad44e2391.tmp

MD5 9737acae1cddfc956deada7621dc92a5
SHA1 8a05dd1b3fb81217f2c092732d6ab7c89e094e17
SHA256 628730b02631235d17c8b5d74f77d1c47861cc2991f6c29da0b5d878ff08fd13
SHA512 311937ff77dbca4780fc97c95764687a35955fdfe95e7db5d0bdae909cc32605830d6c192c3f3564047acf4ab5aae2656d19de4d3beee6bb0c5d6fca64045dab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 587e2b41319bd631c7c189456f525b84
SHA1 77ca7edbb937b8da7d74b5e92791adfa8d87332f
SHA256 1fea752c1ff41c1b2e1c4b4f4b21cbc4f6a2b25e7fa1cab1caa5adeb631516ca
SHA512 a725e36bb14a96669d9694bfc33e071ac9c909622e2f211d64816dc33fa6ad1e4b36bf49813898df695c04b0db48debe373810b5162b1dd0d890cbd4f9643f27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 af7639766e401447577074e55b7b4e88
SHA1 b59ee18abcf7471c54a63f6a8ea1222598e8e9c5
SHA256 434ebada79f8f9b3a4a757ab549371ec768a2d7b9659c0251d480719e163a7f5
SHA512 12c777f03fa85f348dc0002a176a65620d8f8274136b6351687520559f3112612c7969fe272a39734a25c37ca2a866cca55659202ef832f085ff1fc05efc4f93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579a4c.TMP

MD5 2a897c872976a37ffb5b478f0d7e9e95
SHA1 8afae258218db5de220d14dd0a89fc90c11fc4d8
SHA256 4de59d7af74ad7e492cf72de2ad9096b4bc81eb61271a28e0da70027014d2504
SHA512 b70ad7746222135a312e88724f78bff4027444f7951364e41404c5cfb6a74771b0269490208628128c54b158d7434636f8f44fb3be3a502a60d164d73988c033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt

MD5 0b45d797a75a1433c8afde7ebc44f4b6
SHA1 af0201d77eed584ac0461a43af59dcea7748e050
SHA256 bde070e54621dced9634c01bcadf071f6a9429456f9a9ac4d44c4148682fb14e
SHA512 0dc0d53de814b8a7fb4440e43b7868d94a06cd3ca5b216ef6a9ec226bd65a23b8997afb460fe56e74771e5e749f56ff95cea89592b9cc03aa9721da40834260a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt

MD5 9adf88c68e343735b72ae3e0b3c6ef89
SHA1 ddb9e70171819a9eedb915d0a45c8aa1b68d5962
SHA256 8b8451030b9ba23bac6c47c1b1b9637dc5ae750341d2a46f6d3223d58b81e096
SHA512 28f428bb302c4146e27123a9c1a8e8a2a66b4fbdbfe14fe358fb46e83d7c8ad01a6731458370b2defcd1013160615831a01a45962573efe5fe76a4a52a925358

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 32fd8b0bf822b161f40b3539e550f0a5
SHA1 a22df8317eff7c4f9ffc62862508c34456437c9b
SHA256 19798ca130260af3eac67cabe41f4c5d8c2aeb10b4c94cb7642c63fd79061b40
SHA512 6a706006d1fa28c8be74e960c5f130a1712b760ca76b34f0ca8f49deb49924962029fcdca53befdfe108c3f21c3ebc93fc3855694539b1f45d20fbbec520b9c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67e8a8fb0eac20c43049879e19325ffc
SHA1 91b9f2d786713a81daa111c47b89f8d76a7db889
SHA256 37590a214d98b5ae2dcce7de12bf1f0436d59bf0537e9c29b9555327e94f08cf
SHA512 4a0a0ea162fc87bf9a4adb70a09f387838e4d3ab0d959de12067cc0c792727cb8d17f0e433dde077e8dd01783350310ca5351b94b0ec3a1f982aa2ca0d63a8c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804dd.TMP

MD5 3bb94d83826f503f6f69efb7fd2f92b8
SHA1 22bd5f3399d37f950c2ba931c71c61567ce2ed19
SHA256 798109c27bfaa5af5ce0e748e11dfc074e22aa3a4d4d817eb606cdc578421276
SHA512 c23cedc6e97e575b791414ba43ad7d2818c93a3109456d7e74f7f403a3dc552bc35d5a5ef1fff006396b4219aa72f0062bd03029e41f0131a7c4a65ba62ecf33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cc5b21dd9f3a07ea7015e57b4cf20020
SHA1 731b17aee73d0e9ce7f93d516c35e3b8bf548e52
SHA256 e3f87721c97382f5b67b6c3fdbfc0b4ba07094646fb7e0a4563680fa514cb2d3
SHA512 18e2a614dad8e682001e26f3f8eaf4102514d27030154b1605424f98f85d19c51e37a54ff77e895e847c787ec3409cb5297fbc3a077363391625b0847885de57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c494002a569352048dbe7cca2a6a5e47
SHA1 9c609c29a956707b90184f7dae6f2ae19a05e965
SHA256 3b7c578d5dd4a695b26992666d68842e4420e735639714bd42c68250b9183386
SHA512 919a9f55d0215ff0617d847495b7a47f1bb44a8a788fa4e3962c7161dfbbb8c365c322660e2a0a0e8a695c8c39f750e6043fdf5d36c3af11bd8fa227c1897c09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 676b9ecee2b2901f1a90b1139c5b8f55
SHA1 431af37ea6db75c3992f0a9c3faf32c754fd82e6
SHA256 6abb52c1a3e49060162c6aea21c5cc26a3f1d8a76401f83c8fd3d21a52a9fbd3
SHA512 5cfc15ef8c97678ff4990d829df29f098acf7f20228dd0a79d9c8a2702577ade53da1fa6c3585fbc1bc2171b3f497f2bfebba8d4301ea1e2c3dc51e9a94212b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3f627179daae1daef232e7fb7c8a297f
SHA1 62a15e58c90976798b83b36990e4bd479c73b7a8
SHA256 44abdf0d7e93a992abe32e5ae4eb06d8534b2ec9622f210966f10bccc2c223d9
SHA512 78e9c9168559eb7e90256f11a57b179f2ff704512ef5a2d760e75d1cb7568f4b33c2ab9fa66e228ae42d17254e117ecb25c68d78af088ec4f439f1c894b09269