Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
Verdict for https://disk.yandex.kz/d/bKNrMM6SukgYOw: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
NTFS ADS
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 20:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 20:30
Reported
2024-06-13 20:32
Platform
win11-20240611-en
Max time kernel
97s
Max time network
99s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\очиститель.bat:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 558859.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\whoami.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://disk.yandex.kz/d/bKNrMM6SukgYOw
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbb75b3cb8,0x7ffbb75b3cc8,0x7ffbb75b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\очиститель.bat" "
C:\Windows\system32\chcp.com
CHCP 866
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c bcdedit
C:\Windows\system32\bcdedit.exe
bcdedit
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,17129023138041075250,17967987603215531997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\очиститель.bat
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU" /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags" /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU" /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags" /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU" /f
C:\Windows\system32\reg.exe
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU"
C:\Windows\system32\reg.exe
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCompatCache" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications" /f
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c whoami /user /fo table /nh
C:\Windows\system32\whoami.exe
whoami /user /fo table /nh
C:\Windows\system32\reg.exe
REG DELETE "HKEY_USERS\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps" /f
C:\Windows\system32\reg.exe
REG ADD "HKEY_USERS\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps"
C:\Windows\system32\reg.exe
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1560405787-796225086-678739705-1000" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\UserSettings\S-1-5-21-1560405787-796225086-678739705-1000" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_USERS\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /va /f
C:\Windows\system32\reg.exe
REG DELETE "HKEY_USERS\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f
C:\Windows\system32\reg.exe
REG ADD "HKEY_USERS\S-1-5-21-1560405787-796225086-678739705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | disk.yandex.kz | udp |
| RU | 87.250.250.50:443 | disk.yandex.kz | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| RU | 87.250.250.50:443 | disk.yandex.kz | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.179:443 | ads.adfox.ru | tcp |
| RU | 87.250.247.183:443 | avatars.mds.yandex.net | tcp |
| RU | 213.180.204.90:443 | an.yandex.ru | tcp |
| RU | 213.180.204.90:443 | an.yandex.ru | tcp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| RU | 87.250.250.36:443 | favicon.yandex.net | tcp |
| RU | 77.88.21.127:443 | downloader.disk.yandex.ru | tcp |
| RU | 77.88.33.248:443 | s320vla.storage.yandex.net | tcp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| RU | 87.250.250.104:443 | csp.yandex.net | tcp |
| RU | 87.250.250.104:443 | csp.yandex.net | tcp |
| RU | 87.250.250.104:443 | csp.yandex.net | tcp |
| RU | 87.250.250.104:443 | csp.yandex.net | tcp |
| RU | 87.250.250.104:443 | csp.yandex.net | tcp |
| RU | 87.250.250.104:443 | csp.yandex.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 52.111.243.30:443 | | tcp |
Files