750d02fcadf7a35668869139f2166bb21137e582abfe0603e5f3812340f55ebb

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 15:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html
Size

14KB
MD5

01f4f45ac5a689c0e417697eb8323e1d
SHA1

c455648d4965da61bbd6f36837d5cb5685ccda91
SHA256

750d02fcadf7a35668869139f2166bb21137e582abfe0603e5f3812340f55ebb
SHA512

2b002f72d97e36f4cedf4d4ce54ed54935475d45d5c92dabaf8e990950b2c1b57c47324b7057aa1fa7334d79871921eb121a1eebb5d486233b32c22c56881dfc
SSDEEP

384:gjDQ6xuCq8nLuwYWrSaMnoKPUt5mR3tQ/B8yvzrBC8BWOLSFoQ:g46xxTLdFC8BWOLSFoQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
2232	msedge.exe
2232	msedge.exe
1284	identity_helper.exe
1284	identity_helper.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4888	2232	msedge.exe	82
PID 2232 wrote to memory of 4888	2232	msedge.exe	82
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 1236	2232	msedge.exe	83
PID 2232 wrote to memory of 4000	2232	msedge.exe	84
PID 2232 wrote to memory of 4000	2232	msedge.exe	84
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85
PID 2232 wrote to memory of 4908	2232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7afd46f8,0x7ffe7afd4708,0x7ffe7afd4718
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,990166022636253482,12640147398702626563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

Network

DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

school-shop.su

msedge.exe

Remote address:

8.8.8.8:53

Request

school-shop.su

IN A

Response

school-shop.su

IN A

185.72.146.162
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

93.158.134.119

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

87.250.250.119
GET

http://school-shop.su/f/js/jquery.favicon.js

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/js/jquery.favicon.js HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
Last-Modified: Fri, 24 Sep 2010 10:32:04 GMT
ETag: W/"1379-490fee3c0d100"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
GET

http://school-shop.su/f/i/detsad.jpg

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/i/detsad.jpg HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: image/jpeg
Content-Length: 9164
Connection: keep-alive
Keep-Alive: timeout=30
Last-Modified: Mon, 21 Jan 2013 18:58:16 GMT
ETag: "23cc-4d3d10b2d8200"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
GET

http://school-shop.su/f/i/school.jpg

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/i/school.jpg HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: image/jpeg
Content-Length: 7218
Connection: keep-alive
Keep-Alive: timeout=30
Last-Modified: Mon, 21 Jan 2013 18:55:08 GMT
ETag: "1c32-4d3d0fff8db00"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
GET

http://school-shop.su/f/i/xls.png

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/i/xls.png HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:22 GMT
Content-Type: image/png
Content-Length: 3550
Connection: keep-alive
Keep-Alive: timeout=30
Last-Modified: Wed, 09 Jan 2013 15:51:45 GMT
ETag: "dde-4d2dd0a0be640"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
GET

http://school-shop.su/f/js/jquery.favicon.run.js

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/js/jquery.favicon.run.js HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
Last-Modified: Sat, 26 Jan 2013 11:30:10 GMT
ETag: W/"5e-4d42f5dda9480"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
GET

http://school-shop.su/f/i/prof.jpg

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/i/prof.jpg HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: image/jpeg
Content-Length: 7266
Connection: keep-alive
Keep-Alive: timeout=30
Last-Modified: Mon, 21 Jan 2013 19:00:31 GMT
ETag: "1c62-4d3d1133971c0"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
GET

http://school-shop.su/f/js/jquery-1.7.2.min.js

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/js/jquery-1.7.2.min.js HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
Last-Modified: Fri, 23 Mar 2012 08:05:36 GMT
ETag: W/"17278-4bbe47d4d5400"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
GET

http://school-shop.su/f/i/logo2.png

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /f/i/logo2.png HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: image/png
Content-Length: 8622
Connection: keep-alive
Keep-Alive: timeout=30
Last-Modified: Mon, 21 Jan 2013 18:39:22 GMT
ETag: "21ae-4d3d0c7960a80"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
GET

http://school-shop.su/4.gif

msedge.exe

Remote address:

185.72.146.162:80

Request

GET /4.gif HTTP/1.1
Host: school-shop.su
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Mon, 30 Sep 2024 15:03:43 GMT
Content-Type: image/gif
Content-Length: 1058
Connection: keep-alive
Keep-Alive: timeout=30
Last-Modified: Fri, 25 Jan 2013 21:24:48 GMT
ETag: "422-4d4238e964800"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
DNS

counter.rambler.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

counter.rambler.ru

IN A

Response

counter.rambler.ru

IN A

81.19.89.16

counter.rambler.ru

IN A

81.19.89.18

counter.rambler.ru

IN A

81.19.89.17
GET

http://counter.rambler.ru/top100.jcn?2870985

msedge.exe

Remote address:

81.19.89.16:80

Request

GET /top100.jcn?2870985 HTTP/1.1
Host: counter.rambler.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 307 Temporary Redirect

Server: nginx
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://counter.rambler.ru/top100.jcn?2870985
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Credentials: true
DNS

site.yandex.net

msedge.exe

Remote address:

8.8.8.8:53

Request

site.yandex.net

IN A

Response

site.yandex.net

IN CNAME

static.yandex.net

static.yandex.net

IN CNAME

cdnruntyf7lllogy6adk.svc.cdn.yandex.net

cdnruntyf7lllogy6adk.svc.cdn.yandex.net

IN CNAME

cloud.cdn.yandex.net

cloud.cdn.yandex.net

IN A

37.9.64.225
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

172.217.169.46:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
Date: Mon, 30 Sep 2024 13:37:06 GMT
Expires: Mon, 30 Sep 2024 15:37:06 GMT
Cache-Control: public, max-age=7200
Age: 5175
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
GET

https://counter.rambler.ru/top100.jcn?2870985

msedge.exe

Remote address:

81.19.89.16:443

Request

GET /top100.jcn?2870985 HTTP/2.0
host: counter.rambler.ru
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:22 GMT
content-type: application/javascript
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
x-amz-request-id: 00000192432C1055A8041FF514D32F89
etag: W/"992f9bac25fec316365533404b6e34d9"
last-modified: Fri, 27 Sep 2024 10:57:18 GMT
x-amz-meta-s3cmd-attrs: atime:1727434505/ctime:1727434504/gid:0/gname:root/md5:992f9bac25fec316365533404b6e34d9/mode:33188/mtime:1727434503/uid:0/uname:root
x-amz-tagging-count: 0
x-amz-content-sha256: 8c02daa739c422c7e17056502bb96be8957f130376f23d96f59cd9858da91844
x-amz-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
content-encoding: gzip
x-cdn-request-id: 71bfe76fa5810a2f88617e6293969c05
x-cdn-edge-id: 1173
x-cdn-edge-cache: HIT
expires: Mon, 30 Sep 2024 16:03:22 GMT
cache-control: max-age=3600
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1250
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:22 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAALq9+mYBAIprAxBD1wB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAALq9+mYBAIprAxBD1wB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:23 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAALu9+mYBAMulAySbpwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAALu9+mYBAMulAySbpwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:23 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAALu9+mYBAFq2A0wjnwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAALu9+mYBAFq2A0wjnwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:24 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAALy9+mYBACkQA0iTvwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAALy9+mYBACkQA0iTvwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:25 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAAL29+mYBAK7GA9efpwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAAL29+mYBAK7GA9efpwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:27 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAAL+9+mYBAK7GAx8vqwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAAL+9+mYBAK7GAx8vqwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:57 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAAN29+mYBAMulAz9n3wB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAAN29+mYBAMulAz9n3wB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
POST

https://kraken.rambler.ru/cnt/v2/

msedge.exe

Remote address:

81.19.89.16:443

Request

POST /cnt/v2/ HTTP/2.0
host: kraken.rambler.ru
content-length: 1258
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:04:57 GMT
content-type: image/gif
content-length: 43
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:01 GMT
pragma: no-cache
set-cookie: ruid=1CIAABm++mYBACkQA1gjVwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly,; Secure
set-cookie: proto_uid=1CIAABm++mYBACkQA1gjVwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/; HttpOnly; Secure
strict-transport-security: max-age=31536000; includeSubDomains
x-sca-elb: nginx-top100-ext-dedicated
GET

http://site.yandex.net/v2.0/js/all.js

msedge.exe

Remote address:

37.9.64.225:80

Request

GET /v2.0/js/all.js HTTP/1.1
Host: site.yandex.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 30 Sep 2024 15:03:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=216013
Etag: W/"f7635abc3bcad1a251f1d35c2fbe002e"
Expires: Thu, 26 Sep 2024 12:15:31 GMT
Last-Modified: Thu, 14 Mar 2024 10:20:57 GMT
NEL: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
Report-To: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
Strict-Transport-Security: max-age=43200000; includeSubDomains;
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Robots-Tag: noindex, noarchive, nofollow
X-Request-Id: fa5c6a443ee163e8
Cache-Host: cloudcdn-std-43.cdn.yandex.net
Cache-Status: HIT
Content-Encoding: gzip
DNS

83.210.23.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.210.23.2.in-addr.arpa

IN PTR

Response

83.210.23.2.in-addr.arpa

IN PTR

a2-23-210-83deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

162.146.72.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.146.72.185.in-addr.arpa

IN PTR

Response

162.146.72.185.in-addr.arpa

IN PTR

sn003 fullspaceru
DNS

16.89.19.81.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.89.19.81.in-addr.arpa

IN PTR

Response

16.89.19.81.in-addr.arpa

IN PTR

krakenramblerru
DNS

46.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.169.217.172.in-addr.arpa

IN PTR

Response

46.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f141e100net
DNS

225.64.9.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.64.9.37.in-addr.arpa

IN PTR

Response

225.64.9.37.in-addr.arpa

IN PTR

cloudcdnyandexnet
DNS

yastatic.net

msedge.exe

Remote address:

8.8.8.8:53

Request

yastatic.net

IN A

Response

yastatic.net

IN A

178.154.131.215

yastatic.net

IN A

178.154.131.217
GET

https://yastatic.net/jquery/1.6.2/jquery.min.js

msedge.exe

Remote address:

178.154.131.215:443

Request

GET /jquery/1.6.2/jquery.min.js HTTP/2.0
host: yastatic.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.17.9
date: Mon, 30 Sep 2024 15:03:22 GMT
content-type: application/x-javascript
content-length: 28368
access-control-allow-origin: *
cache-control: public, max-age=31556952
content-encoding: br
etag: "57f5e4ce99f95e1eb0f18d52b65b6769"
expires: Thu, 14 Aug 2025 20:44:15 GMT
last-modified: Mon, 12 Nov 2018 13:13:42 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 4f863fe047210134
accept-ranges: bytes
DNS

kraken.rambler.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

kraken.rambler.ru

IN A

Response

kraken.rambler.ru

IN A

81.19.89.18

kraken.rambler.ru

IN A

81.19.89.17

kraken.rambler.ru

IN A

81.19.89.16

kraken.rambler.ru

IN A

46.243.143.140
DNS

counter.yadro.ru

msedge.exe

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.201.204

counter.yadro.ru

IN A

88.212.202.52

counter.yadro.ru

IN A

88.212.201.198
DNS

widget.siteheart.com

msedge.exe

Remote address:

8.8.8.8:53

Request

widget.siteheart.com

IN A

Response
GET

https://site.yandex.net/v2.0/i/yandex-hint-rb.png

msedge.exe

Remote address:

37.9.64.225:443

Request

GET /v2.0/i/yandex-hint-rb.png HTTP/2.0
host: site.yandex.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:22 GMT
content-type: image/png
content-length: 425
access-control-allow-origin: *
cache-control: public, max-age=216013
etag: "fbe624b4939c4538e386beffac5861f6"
expires: Tue, 23 Jul 2024 06:52:22 GMT
last-modified: Thu, 14 Mar 2024 10:20:57 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
x-request-id: 4220f2c1dfc7935c
cache-host: cloudcdn-m9-11.cdn.yandex.net
cache-status: HIT
accept-ranges: bytes
GET

https://site.yandex.net/v2.0/js/suggest.js

msedge.exe

Remote address:

37.9.64.225:443

Request

GET /v2.0/js/suggest.js HTTP/2.0
host: site.yandex.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:22 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=216013
etag: W/"7b6f38e40b4c5677b862a187cb8b3e24"
expires: Sat, 14 Sep 2024 21:26:35 GMT
last-modified: Thu, 14 Mar 2024 10:20:57 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
content-encoding: br
x-request-id: e73b05b13db7c1e7
cache-host: cloudcdn-m9-11.cdn.yandex.net
cache-status: HIT
GET

https://site.yandex.net/v2.0/js/opensearch.js

msedge.exe

Remote address:

37.9.64.225:443

Request

GET /v2.0/js/opensearch.js HTTP/2.0
host: site.yandex.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:22 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=216013
etag: W/"d12257f87644c4e89830f47705dee860"
expires: Sat, 14 Sep 2024 21:26:35 GMT
last-modified: Thu, 14 Mar 2024 10:20:57 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
content-encoding: br
x-request-id: 7b47db4176197070
cache-host: cloudcdn-m9-11.cdn.yandex.net
cache-status: HIT
GET

https://site.yandex.net/v2.0/js/punycode.js

msedge.exe

Remote address:

37.9.64.225:443

Request

GET /v2.0/js/punycode.js HTTP/2.0
host: site.yandex.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Mon, 30 Sep 2024 15:03:23 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=216013
etag: W/"0fb20dc655bce6eec71e5cee38b400fe"
expires: Sat, 14 Sep 2024 21:26:55 GMT
last-modified: Thu, 14 Mar 2024 10:20:57 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-robots-tag: noindex, noarchive, nofollow
content-encoding: br
x-request-id: 7775cfb2f49fa7cf
cache-host: cloudcdn-m9-11.cdn.yandex.net
cache-status: HIT
GET

http://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114

msedge.exe

Remote address:

88.212.201.204:80

Request

GET /hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114 HTTP/1.1
Host: counter.yadro.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Date: Mon, 30 Sep 2024 15:03:22 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: https://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114
Content-Length: 32
Expires: Sat, 30 Sep 2023 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
GET

https://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114

msedge.exe

Remote address:

88.212.201.204:443

Request

GET /hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114 HTTP/1.1
Host: counter.yadro.ru
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.17.9
Date: Mon, 30 Sep 2024 15:03:23 GMT
Content-Type: image/gif
Content-Length: 177
Connection: keep-alive
Expires: Sat, 30 Sep 2023 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
DNS

215.131.154.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.131.154.178.in-addr.arpa

IN PTR

Response

215.131.154.178.in-addr.arpa

IN PTR

staticyandexnet
DNS

204.201.212.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.201.212.88.in-addr.arpa

IN PTR

Response

204.201.212.88.in-addr.arpa

IN CNAME

204.192/26.201.212.88.in-addr.arpa

204.192/26.201.212.88.in-addr.arpa

IN PTR

host204raxru
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

87.250.250.119

mc.yandex.ru

IN A

93.158.134.119
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

98.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.117.19.2.in-addr.arpa

IN PTR

Response

98.117.19.2.in-addr.arpa

IN PTR

a2-19-117-98deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

77.88.21.119:445

mc.yandex.ru

260 B
5
185.72.146.162:80

http://school-shop.su/f/i/xls.png

http

msedge.exe

2.2kB
23.9kB
18
25

HTTP Request

GET http://school-shop.su/f/js/jquery.favicon.js

HTTP Response

200

HTTP Request

GET http://school-shop.su/f/i/detsad.jpg

HTTP Response

200

HTTP Request

GET http://school-shop.su/f/i/school.jpg

HTTP Response

200

HTTP Request

GET http://school-shop.su/f/i/xls.png

HTTP Response

200
185.72.146.162:80

http://school-shop.su/f/i/prof.jpg

http

msedge.exe

1.3kB
8.5kB
13
12

HTTP Request

GET http://school-shop.su/f/js/jquery.favicon.run.js

HTTP Response

200

HTTP Request

GET http://school-shop.su/f/i/prof.jpg

HTTP Response

200
185.72.146.162:80

http://school-shop.su/4.gif

http

msedge.exe

2.5kB
51.4kB
31
44

HTTP Request

GET http://school-shop.su/f/js/jquery-1.7.2.min.js

HTTP Response

200

HTTP Request

GET http://school-shop.su/f/i/logo2.png

HTTP Response

200

HTTP Request

GET http://school-shop.su/4.gif

HTTP Response

200
81.19.89.16:80

http://counter.rambler.ru/top100.jcn?2870985

http

msedge.exe

593 B
724 B
6
5

HTTP Request

GET http://counter.rambler.ru/top100.jcn?2870985

HTTP Response

307
185.72.146.162:80

school-shop.su

msedge.exe

288 B
184 B
6
4
185.72.146.162:80

school-shop.su

msedge.exe

288 B
184 B
6
4
172.217.169.46:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.8kB
13
19

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
81.19.89.16:443

https://kraken.rambler.ru/cnt/v2/

tls, http2

msedge.exe

14.6kB
53.8kB
60
69

HTTP Request

GET https://counter.rambler.ru/top100.jcn?2870985

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200

HTTP Request

POST https://kraken.rambler.ru/cnt/v2/

HTTP Response

200
37.9.64.225:80

http://site.yandex.net/v2.0/js/all.js

http

msedge.exe

1.0kB
22.4kB
15
23

HTTP Request

GET http://site.yandex.net/v2.0/js/all.js

HTTP Response

200
178.154.131.215:443

https://yastatic.net/jquery/1.6.2/jquery.min.js

tls, http2

msedge.exe

2.3kB
35.1kB
28
40

HTTP Request

GET https://yastatic.net/jquery/1.6.2/jquery.min.js

HTTP Response

200
93.158.134.119:445

mc.yandex.ru

260 B
5
87.250.251.119:445

mc.yandex.ru

260 B
5
87.250.250.119:445

mc.yandex.ru

260 B
5
37.9.64.225:443

site.yandex.net

tls

msedge.exe

1.0kB
5.8kB
9
10
37.9.64.225:443

https://site.yandex.net/v2.0/js/punycode.js

tls, http2

msedge.exe

2.6kB
23.4kB
28
34

HTTP Request

GET https://site.yandex.net/v2.0/i/yandex-hint-rb.png

HTTP Request

GET https://site.yandex.net/v2.0/js/suggest.js

HTTP Request

GET https://site.yandex.net/v2.0/js/opensearch.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://site.yandex.net/v2.0/js/punycode.js

HTTP Response

200
37.9.64.225:443

site.yandex.net

tls

msedge.exe

977 B
5.1kB
10
8
88.212.201.204:80

http://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114

http

msedge.exe

766 B
600 B
6
4

HTTP Request

GET http://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114

HTTP Response

302
88.212.201.204:443

https://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114

tls, http

msedge.exe

1.7kB
4.0kB
11
9

HTTP Request

GET https://counter.yadro.ru/hit?t14.11;r;s1280*720*24;ufile%3A///C%3A/Users/Admin/AppData/Local/Temp/01f4f45ac5a689c0e417697eb8323e1d_JaffaCakes118.html;0.5807951734303114

HTTP Response

200

8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

school-shop.su

dns

msedge.exe

60 B
76 B
1
1

DNS Request

school-shop.su

DNS Response

185.72.146.162
8.8.8.8:53

mc.yandex.ru

dns

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

77.88.21.119

93.158.134.119

87.250.251.119

87.250.250.119
8.8.8.8:53

counter.rambler.ru

dns

msedge.exe

64 B
112 B
1
1

DNS Request

counter.rambler.ru

DNS Response

81.19.89.16

81.19.89.18

81.19.89.17
8.8.8.8:53

site.yandex.net

dns

msedge.exe

61 B
161 B
1
1

DNS Request

site.yandex.net

DNS Response

37.9.64.225
8.8.8.8:53

83.210.23.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

83.210.23.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

162.146.72.185.in-addr.arpa

dns

73 B
105 B
1
1

DNS Request

162.146.72.185.in-addr.arpa
8.8.8.8:53

16.89.19.81.in-addr.arpa

dns

70 B
101 B
1
1

DNS Request

16.89.19.81.in-addr.arpa
8.8.8.8:53

46.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

46.169.217.172.in-addr.arpa
8.8.8.8:53

225.64.9.37.in-addr.arpa

dns

70 B
104 B
1
1

DNS Request

225.64.9.37.in-addr.arpa
8.8.8.8:53

yastatic.net

dns

msedge.exe

58 B
90 B
1
1

DNS Request

yastatic.net

DNS Response

178.154.131.215

178.154.131.217
8.8.8.8:53

kraken.rambler.ru

dns

msedge.exe

63 B
127 B
1
1

DNS Request

kraken.rambler.ru

DNS Response

81.19.89.18

81.19.89.17

81.19.89.16

46.243.143.140
8.8.8.8:53

counter.yadro.ru

dns

msedge.exe

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.201.204

88.212.202.52

88.212.201.198
8.8.8.8:53

widget.siteheart.com

dns

msedge.exe

66 B
144 B
1
1

DNS Request

widget.siteheart.com
8.8.8.8:53

215.131.154.178.in-addr.arpa

dns

74 B
105 B
1
1

DNS Request

215.131.154.178.in-addr.arpa
8.8.8.8:53

204.201.212.88.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

204.201.212.88.in-addr.arpa
8.8.8.8:53

mc.yandex.ru

dns

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

87.250.251.119

77.88.21.119

87.250.250.119

93.158.134.119
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
224.0.0.251:5353

msedge.exe

522 B
8
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

98.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

98.117.19.2.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
329B

MD5
6050b694806f4bf336f1ac57f427036a

SHA1
86e8a7fff2a16526df1ec384586e0fdd4f79b1a9

SHA256
46465be3da43dac88df24df3d16e61b86a72470ac60b9213f8f8a549a0b4fe1c

SHA512
e54bd0e0f56b279b5ce13455b895dea48cb69f0a4970a9bd38a6ef3d2ad8c8db77b7c53c15acf6cbd4ca37dd73f9c28b4985201ae387c330bb374e97c503fe51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be2d2656df5bd77ceb1d571a41e272f5

SHA1
7ed920c5d1ce0957448ace2eef4b0b395e97a099

SHA256
e216e1896b79a8aa52203127b536b2d233c2874290bddcaa65fca8c01b45f8b6

SHA512
140d474df806cf1b91017f2e75d24e7bba3733046a950d21bd93f3b426ed0a7a3ffcbbe9adb0b1447c57b39946349eb991bfe06a92be253ff110daaabeb4eacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fd4aac9099a266b885aed3e3e17ba93

SHA1
79e91cf59a104deac8dbdceaf4a5bd1889a861d9

SHA256
ed5671cb143830dc14c001e091cf468036e2b13ab289919002306d5fd05cdc41

SHA512
4267184df74d6484d7a1e07cd11f6f683ade0af350f900160dc981bf67def2a968c8d56346baa1fdce0138c27ee84756b4298030259bd0a355de30b07433a559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
528dd34d8c0ae62a6c8878c0fc8ef1d7

SHA1
2c9ee53dd65370adab79a05a0e744b3d4b73d4d8

SHA256
4726ac658889a4b4dbd6ebca9ce1a379e919552690a631b68174a30408960350

SHA512
2de72c82e5f412cfd1193ccca8a1a19155f1af6e5b17b457a8703abf53fa8a0f8fc13ec7773632b632d3ba16a75298370ff11e8c349037b9dc18ba54c3920caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
47f792d2ee2bb3c1cbab2dffb5f976f5

SHA1
10e25e77fb6ef5d1bf1569f571aeec69ccaab79a

SHA256
3562b760eebbeaa3bc580d126cdd55e9d18496a0164dd89a27176ad29a2b79a2

SHA512
612e898ad2a7a6a705a8a4faa55f7af1feef3b5e9e2e7a239be109da1a35298930ae2285c8c5ded73f51f49b635a0a7427a44413ef7538eb2c176fdeafdcb8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587b65.TMP

Filesize
705B

MD5
07e04fdced6e4996c1c3398a8cc418e6

SHA1
bcf5192962f3a2b5e6a7136e0e1b59408907ed48

SHA256
22df996ef29fb05e7749988af093bfb61d3de6a43714c6c20d4e172739b641cb

SHA512
eace56bb2474039272fe1a09eb3bd4639ada008c6b0b58a7be30b52d1252b2bf9775c017d5fe228a7620efd68cc835aad158f0f6f8aac8eca58569f16cf928fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc5b7b36-cefa-47c1-adf6-209c23e5c927.tmp

Filesize
6KB

MD5
82c1f6adbe1ed729f9a838db6287002f

SHA1
1e91819a5fc6f49bce992803f499db08f45c19f9

SHA256
0af9c11336c0cbbed8a572e0fadbd6fc22c1e398e27f7d940b3d32290220fcbb

SHA512
f7fa8e26dacbf613033369e9c29b3f831302bacc7e10c9360d61a986826fbc7499b3c3674034216d4dc1da1a63bd06f1fd05d6e7a22a3a0771225e5e7f59043f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2585c18c778e4f51bf85654ad3ced75

SHA1
ddf3c2d7abc3bcc7f3c68e40ae6166615c233a25

SHA256
e3ed34a0c992a4de886b1d9780dc1d97a70c7844d8fc856e35f6bc537b59b0f7

SHA512
2e7a28f13d80f71da18f5de7171c95afdea7f4736d5c2b511153c46beb96e153363e960ef4cf5a8376711246759e411a513caf45f28b9f3573405e9375d9861a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response