bc6226de6d5ffbc3124ad8a06673879f64a2fce9ac36cc7ca9b6c7a584e78768

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 01:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html
Size

201KB
MD5

d33a43dfbdedd71b8aa72ab6e17411ff
SHA1

2ca6f06105969182ce1dfa8e85182e54f7b5a8f9
SHA256

bc6226de6d5ffbc3124ad8a06673879f64a2fce9ac36cc7ca9b6c7a584e78768
SHA512

1d788673481b062021e28ccce7a8eeb5346a6ee8f941e2002a05734aae354a6a1f0f4f1d39a046a4c958d13c25491f3c0b5f1381180076fbaebc75f922aec442
SSDEEP

1536:kaWHDcYUoe8dA+gdq1MwHNnXs2O7v0jviXdPyERfR4UGvM:dWBnXl2p

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3752	msedge.exe
3752	msedge.exe
2040	identity_helper.exe
2040	identity_helper.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 3688	3752	msedge.exe	83
PID 3752 wrote to memory of 3688	3752	msedge.exe	83
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 4336	3752	msedge.exe	84
PID 3752 wrote to memory of 3452	3752	msedge.exe	85
PID 3752 wrote to memory of 3452	3752	msedge.exe	85
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86
PID 3752 wrote to memory of 5048	3752	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b8e46f8,0x7ffc0b8e4708,0x7ffc0b8e4718
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17380406834366011370,17366751213037734765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

Network

DNS

ads.serveuser.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ads.serveuser.com

IN A

Response

ads.serveuser.com

IN A

41.212.227.208
DNS

razgovorchik.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

razgovorchik.ru

IN A

Response

razgovorchik.ru

IN A

31.31.205.163
DNS

bs.yandex.ru

Remote address:

8.8.8.8:53

Request

bs.yandex.ru

IN A

Response

bs.yandex.ru

IN A

87.250.250.90

bs.yandex.ru

IN A

213.180.193.90

bs.yandex.ru

IN A

93.158.134.90

bs.yandex.ru

IN A

213.180.204.90

bs.yandex.ru

IN A

77.88.21.90
DNS

masterhost.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

masterhost.ru

IN A

Response

masterhost.ru

IN A

90.156.132.125
DNS

counter.yadro.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.201.204

counter.yadro.ru

IN A

88.212.202.52

counter.yadro.ru

IN A

88.212.201.198
DNS

dd.cb.b0.a1.top.list.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

dd.cb.b0.a1.top.list.ru

IN A

Response

dd.cb.b0.a1.top.list.ru

IN CNAME

top-fwz1.mail.ru

top-fwz1.mail.ru

IN A

95.163.52.67
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/faq.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/faq.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/find.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/find.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/users.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/users.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/lb.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/lb.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/foto1.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/foto1.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/dn.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/dn.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

142.250.27.139:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Sun, 08 Sep 2024 01:10:59 GMT
Expires: Sun, 08 Sep 2024 03:10:59 GMT
Cache-Control: public, max-age=7200
Age: 697
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

http://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412

msedge.exe

Remote address:

88.212.201.204:80

Request

GET /hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412 HTTP/1.1
Host: counter.yadro.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: https://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412
Content-Length: 32
Expires: Fri, 08 Sep 2023 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
GET

http://masterhost.ru/client/buttons/88x31/15.gif

msedge.exe

Remote address:

90.156.132.125:80

Request

GET /client/buttons/88x31/15.gif HTTP/1.1
Host: masterhost.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Server: ddos-guard
Date: Sun, 08 Sep 2024 01:22:36 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://masterhost.ru/client/buttons/88x31/15.gif
Content-Type: text/html; charset=utf-8
Content-Length: 568
GET

http://dd.cb.b0.a1.top.list.ru/counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984

msedge.exe

Remote address:

95.163.52.67:80

Request

GET /counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984 HTTP/1.1
Host: dd.cb.b0.a1.top.list.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Server: nginx
Date: Sun, 08 Sep 2024 01:22:36 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://top-fwz1.mail.ru/counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, HEAD, PUT, OPTIONS
Access-Control-Allow-Headers: *
AMP-Access-Control-Allow-Source-Origin: *
Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: private, no-cache, no-store, max-age=0
Pragma: no-cache
Accept-CH: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
Accept-CH-Lifetime: 86400
GET

http://razgovorchik.ru/style_images/razgovorchik/menu/info.gif

msedge.exe

Remote address:

31.31.205.163:80

Request

GET /style_images/razgovorchik/menu/info.gif HTTP/1.1
Host: razgovorchik.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1468
Date: Sun, 08 Sep 2024 01:22:36 GMT
Server: lighttpd/1.4.45
GET

https://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412

msedge.exe

Remote address:

88.212.201.204:443

Request

GET /hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412 HTTP/1.1
Host: counter.yadro.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.17.9
Date: Sun, 08 Sep 2024 01:22:36 GMT
Content-Type: image/gif
Content-Length: 185
Connection: keep-alive
Expires: Fri, 08 Sep 2023 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
GET

https://masterhost.ru/client/buttons/88x31/15.gif

msedge.exe

Remote address:

90.156.132.125:443

Request

GET /client/buttons/88x31/15.gif HTTP/2.0
host: masterhost.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=PzLYn2pwOuzClNxh9qAr; Domain=.masterhost.ru; HttpOnly; Path=/; Expires=Mon, 08-Sep-2025 01:22:37 GMT
date: Sun, 08 Sep 2024 01:22:37 GMT
content-type: image/gif
content-length: 2777
last-modified: Thu, 05 Sep 2024 09:10:17 GMT
etag: "66d97579-ad9"
expires: Sun, 08 Sep 2024 01:37:37 GMT
cache-control: max-age=900
accept-ranges: bytes
age: 0
ddg-cache-status: MISS
DNS

top-fwz1.mail.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

top-fwz1.mail.ru

IN A

Response

top-fwz1.mail.ru

IN A

95.163.52.67
GET

https://top-fwz1.mail.ru/counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30

msedge.exe

Remote address:

95.163.52.67:443

Request

GET /counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30 HTTP/2.0
host: top-fwz1.mail.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Sun, 08 Sep 2024 01:22:37 GMT
content-length: 0
location: https://top-fwz1.mail.ru/counter2?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30
set-cookie: FTID=32RWr62COA2R:1725758557:1097164:::; path=/; expires=Tue, 09-Sep-25 01:22:37 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
GET

https://top-fwz1.mail.ru/counter2?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30

msedge.exe

Remote address:

95.163.52.67:443

Request

GET /counter2?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30 HTTP/2.0
host: top-fwz1.mail.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 08 Sep 2024 01:22:37 GMT
content-type: image/gif
content-length: 917
set-cookie: FTID=32RWr62COA2R:1725758557:1097164:::; path=/; expires=Tue, 09-Sep-25 01:22:37 GMT; domain=.mail.ru; HttpOnly; SameSite=None; Secure
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
access-control-allow-headers: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
timing-allow-origin: *
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
cache-control: private, no-cache, no-store, max-age=0
pragma: no-cache
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
accept-ch-lifetime: 86400
DNS

139.27.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.27.250.142.in-addr.arpa

IN PTR

Response

139.27.250.142.in-addr.arpa

IN PTR

ra-in-f1391e100net
DNS

163.205.31.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.205.31.31.in-addr.arpa

IN PTR

Response

163.205.31.31.in-addr.arpa

IN PTR

ns1 domainparkingintregru
DNS

125.132.156.90.in-addr.arpa

Remote address:

8.8.8.8:53

Request

125.132.156.90.in-addr.arpa

IN PTR

Response

125.132.156.90.in-addr.arpa

IN PTR

masterhostru
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

67.52.163.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.52.163.95.in-addr.arpa

IN PTR

Response

67.52.163.95.in-addr.arpa

IN PTR

top-fwz1mailru
DNS

204.201.212.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.201.212.88.in-addr.arpa

IN PTR

Response

204.201.212.88.in-addr.arpa

IN CNAME

204.192/26.201.212.88.in-addr.arpa

204.192/26.201.212.88.in-addr.arpa

IN PTR

host204raxru
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR
DNS

bs.yandex.ru

Remote address:

8.8.8.8:53

Request

bs.yandex.ru

IN A

Response

bs.yandex.ru

IN A

213.180.193.90

bs.yandex.ru

IN A

93.158.134.90

bs.yandex.ru

IN A

77.88.21.90

bs.yandex.ru

IN A

87.250.250.90

bs.yandex.ru

IN A

213.180.204.90
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

93.158.134.119
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

93.158.134.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

77.88.21.119
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response

41.212.227.208:80

ads.serveuser.com

msedge.exe

260 B
5
87.250.250.90:445

bs.yandex.ru

260 B
5
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/faq.gif

http

msedge.exe

706 B
1.8kB
7
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/faq.gif

HTTP Response

404
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/find.gif

http

msedge.exe

661 B
1.8kB
6
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/find.gif

HTTP Response

404
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/users.gif

http

msedge.exe

708 B
1.8kB
7
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/users.gif

HTTP Response

404
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/lb.gif

http

msedge.exe

659 B
1.8kB
6
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/lb.gif

HTTP Response

404
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/foto1.gif

http

msedge.exe

662 B
1.8kB
6
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/foto1.gif

HTTP Response

404
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/dn.gif

http

msedge.exe

659 B
1.8kB
6
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/dn.gif

HTTP Response

404
142.250.27.139:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.4kB
13
18

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
88.212.201.204:80

http://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412

http

msedge.exe

858 B
600 B
8
4

HTTP Request

GET http://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412

HTTP Response

302
90.156.132.125:80

http://masterhost.ru/client/buttons/88x31/15.gif

http

msedge.exe

693 B
1.1kB
7
6

HTTP Request

GET http://masterhost.ru/client/buttons/88x31/15.gif

HTTP Response

301
95.163.52.67:80

http://dd.cb.b0.a1.top.list.ru/counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984

http

msedge.exe

758 B
1.2kB
7
5

HTTP Request

GET http://dd.cb.b0.a1.top.list.ru/counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984

HTTP Response

302
41.212.227.208:80

ads.serveuser.com

msedge.exe

260 B
5
31.31.205.163:80

http://razgovorchik.ru/style_images/razgovorchik/menu/info.gif

http

msedge.exe

1.1kB
1.8kB
8
5

HTTP Request

GET http://razgovorchik.ru/style_images/razgovorchik/menu/info.gif

HTTP Response

404
88.212.201.204:443

https://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412

tls, http

msedge.exe

2.2kB
4.0kB
11
9

HTTP Request

GET https://counter.yadro.ru/hit?t14.1;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/d33a43dfbdedd71b8aa72ab6e17411ff_JaffaCakes118.html;0.20508006172448412

HTTP Response

200
90.156.132.125:443

https://masterhost.ru/client/buttons/88x31/15.gif

tls, http2

msedge.exe

3.3kB
8.8kB
20
21

HTTP Request

GET https://masterhost.ru/client/buttons/88x31/15.gif

HTTP Response

200
95.163.52.67:443

https://top-fwz1.mail.ru/counter2?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30

tls, http2

msedge.exe

2.0kB
8.0kB
17
19

HTTP Request

GET https://top-fwz1.mail.ru/counter?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30

HTTP Response

302

HTTP Request

GET https://top-fwz1.mail.ru/counter2?id=1097164;t=211;js=13;r=;j=false;s=1280*720;d=24;rand=0.38573975521371984;ver=30

HTTP Response

200
95.163.52.67:443

top-fwz1.mail.ru

tls, http2

msedge.exe

1.1kB
5.3kB
11
14
213.180.193.90:445

bs.yandex.ru

260 B
5
93.158.134.90:445

bs.yandex.ru

260 B
5
213.180.204.90:445

bs.yandex.ru

260 B
5
77.88.21.90:445

bs.yandex.ru

260 B
5
77.88.21.119:445

mc.yandex.ru

260 B
5
87.250.250.119:445

mc.yandex.ru

260 B
5
87.250.251.119:445

mc.yandex.ru

260 B
5
93.158.134.119:445

mc.yandex.ru

260 B
5

8.8.8.8:53

ads.serveuser.com

dns

msedge.exe

63 B
79 B
1
1

DNS Request

ads.serveuser.com

DNS Response

41.212.227.208
8.8.8.8:53

razgovorchik.ru

dns

msedge.exe

61 B
77 B
1
1

DNS Request

razgovorchik.ru

DNS Response

31.31.205.163
8.8.8.8:53

bs.yandex.ru

dns

58 B
138 B
1
1

DNS Request

bs.yandex.ru

DNS Response

87.250.250.90

213.180.193.90

93.158.134.90

213.180.204.90

77.88.21.90
8.8.8.8:53

masterhost.ru

dns

msedge.exe

59 B
75 B
1
1

DNS Request

masterhost.ru

DNS Response

90.156.132.125
8.8.8.8:53

counter.yadro.ru

dns

msedge.exe

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.201.204

88.212.202.52

88.212.201.198
8.8.8.8:53

dd.cb.b0.a1.top.list.ru

dns

msedge.exe

69 B
113 B
1
1

DNS Request

dd.cb.b0.a1.top.list.ru

DNS Response

95.163.52.67
8.8.8.8:53

top-fwz1.mail.ru

dns

msedge.exe

62 B
78 B
1
1

DNS Request

top-fwz1.mail.ru

DNS Response

95.163.52.67
8.8.8.8:53

139.27.250.142.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

139.27.250.142.in-addr.arpa
8.8.8.8:53

163.205.31.31.in-addr.arpa

dns

72 B
114 B
1
1

DNS Request

163.205.31.31.in-addr.arpa
8.8.8.8:53

125.132.156.90.in-addr.arpa

dns

73 B
100 B
1
1

DNS Request

125.132.156.90.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

67.52.163.95.in-addr.arpa

dns

71 B
101 B
1
1

DNS Request

67.52.163.95.in-addr.arpa
8.8.8.8:53

204.201.212.88.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

204.201.212.88.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

146 B
144 B
2
1

DNS Request

240.221.184.93.in-addr.arpa

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

144 B
134 B
2
1

DNS Request

226.21.18.104.in-addr.arpa

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

bs.yandex.ru

dns

58 B
138 B
1
1

DNS Request

bs.yandex.ru

DNS Response

213.180.193.90

93.158.134.90

77.88.21.90

87.250.250.90

213.180.204.90
224.0.0.251:5353

msedge.exe

523 B
8
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

210 B
144 B
3
1

DNS Request

58.55.71.13.in-addr.arpa

DNS Request

58.55.71.13.in-addr.arpa

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

mc.yandex.ru

dns

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

77.88.21.119

87.250.250.119

87.250.251.119

93.158.134.119
8.8.8.8:53

mc.yandex.ru

dns

232 B
122 B
4
1

DNS Request

mc.yandex.ru

DNS Request

mc.yandex.ru

DNS Request

mc.yandex.ru

DNS Request

mc.yandex.ru

DNS Response

93.158.134.119

87.250.250.119

87.250.251.119

77.88.21.119
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
84b28e8ffed9fa0b8f6a91b5b31b308d

SHA1
efaf4dff37c34966c481eef0caf7dacee9e2a78c

SHA256
cf81f066b1ba1e869f5551bbc61c497d91035e2afcb750c3e63d5c7644b0b29c

SHA512
a838f81d13c5ecf02aedcdc60159f4b3f6e22e1f14c566ee3b2765e5645fe0eebabe24124ac018ea64986261c904e5bb50512708babe39bde76d7a5ab9280ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af9f72099e7631b44875be9b6b80c4fc

SHA1
a208bf7cfd2201c5186e6fd069a9678568dedb6b

SHA256
4f1aaf634a6f6648eea74cee5b5e25c890fd5a89c8f14e4b69a0bf2f7f52a4bb

SHA512
8b94004a95856ad85d7d44a400a4e74518f0ca8fae5e66b471c44b1ee303941b15d8710a47d8a564151f094d36468ce48ead70f29bd2506dc2dbb97708338882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
270468e2188a5344663b35714c33e575

SHA1
e66f4a9bf1f5364fea971de939d66155c2f1ac4d

SHA256
a2c438e0afc63ffd948e3b996abebfeecb533849ac3666aa55dd0e5f022739db

SHA512
f327480b71fa7ee478072ce2715874ab027d7b6258819560157d2f1f94f8562aadf8dde544b0bcce1de13c29631097b68deb972a2a945d0aad9849e078819839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ca62d41758a234d4da37aca74c84e1f4

SHA1
cbf00435a6e4c7122bc0b9419bc1011636143c9d

SHA256
cb5994cbbddfa81145d84ccfdbf13647d5f842618191fdb7b1d0f3e7ba47685b

SHA512
f195895b463b017d7947ca23c50a6f67ac4d6a272f27598148ba231484de6998cb455facd652d1eebae792eb152395f2cc6194b3d4162fbab89199b9ef4cdbea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request