Техническая информация
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\~sfx004571db3c\ganteng.dll
- %TEMP%\~sfx004571db3c\point white v.16.exe
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-699fb863-508.pma
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-699fb865-b74.pma
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000002
- %LOCALAPPDATA%\microsoft\edge\user data\default\000002.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\index
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_2
- %LOCALAPPDATA%\microsoft\edge\user data\default\gpucache\data_3
- %LOCALAPPDATA%\microsoft\edge\user data\default\cookies-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\cookies
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\index
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_2
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\data_3
- %LOCALAPPDATA%\microsoft\edge\user data\default\reporting and nel-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\reporting and nel
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\manifest-000004
- %LOCALAPPDATA%\microsoft\edge\user data\default\data_reduction_proxy_leveldb\000004.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\shortcuts-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\shortcuts
- %LOCALAPPDATA%\microsoft\edge\user data\default\network action predictor-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\network action predictor
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000002
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\068bde0bfc9841eb_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000003
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000004
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000005
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\0410e4c08287d7ab_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000006
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000007
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000008
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\a4b5f6f7910a6b5a_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\e61f62036491eef4_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000009
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\796ce0e1347b4b91_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\8fffe67b881703f9_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00000a
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00000b
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\63ae3dbb095e3c48_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00000c
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00000d
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00000e
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00000f
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000010
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\5191513d77df0d67_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000011
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\edd610b82b9bae7a_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000012
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\8adcae65f50dbb1f_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\b96a0447d6b428c0_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\06d6248b93c1351c_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\a57409b48ea1a004_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\df2e8ed570aff1b6_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\efbe7e870bacd311_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\3e53a5203ada0934_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\dfe47e0bfa791e60_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000013
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\6be1fc6871498bba_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000014
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\e831cb81d18d09fc_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\694b7242f35287af_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000015
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000016
- %TEMP%\6a39ddb3-56bd-40b7-912d-a08484cd3f1b.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000017
- %LOCALAPPDATA%\microsoft\edge\user data\default\videodecodestats\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\default\videodecodestats\000001.dbtmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\videodecodestats\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000018
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000019
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00001a
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00001b
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00001c
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\bfc0b4ccbf82cb60_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\489b044e38e2c176_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00001d
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00001e
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\4eea2223433373cc_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\08f71efd2bb0522f_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_00001f
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000020
- %TEMP%\7085b707-6242-4be1-a339-cbb6d4452395.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000021
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\69a901c0af962064_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\5338ec722a288398_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\35ad5c641145810d_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\e3966bdd7b1d8023_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\edbfcf2fb9ee1f82_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\f2b5c7cdc6e2a616_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\36afb459346c2d91_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000022
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000023
- %LOCALAPPDATA%\microsoft\edge\user data\default\cache\f_000024
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\18c777febafc76e7_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\06c7f112e18483b8_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\a0e8adaa8b537114_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\b833f5432747c0ea_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\c9d9c89e8d64eac1_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\95b49f02b03fcbd6_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\811b85c3ac3541b1_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\9e61f130299b5ea5_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\4ab04384a621efa1_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\c9c4ab9064c07376_0
- %TEMP%\1b1879ca-f5c5-49be-94d6-e52e795b2eb7.tmp
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\335e69ddec2b9ac6_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\c8e3d243213c2816_0
- %LOCALAPPDATA%\microsoft\edge\user data\functional data-wal
- %LOCALAPPDATA%\microsoft\edge\user data\functional san data-wal
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\index-dir\temp-index
Удаляет файлы, которые сам же создал
- %LOCALAPPDATA%\microsoft\edge\user data\default\manifest-000001
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-699fb863-508.pma
- %LOCALAPPDATA%\microsoft\edge\user data\browsermetrics\browsermetrics-699fb865-b74.pma
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\e61f62036491eef4_0
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\c8e3d243213c2816_0
- %TEMP%\edge_bits_2932_1552043929\dde93974-5cbc-4ecc-898f-436e62207c34
Перемещает следующие файлы
- %LOCALAPPDATA%\microsoft\edge\user data\default\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\session storage\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\eventdb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\feature engagement tracker\availabilitydb\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\autofillstrikedatabase\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\extension state\current
- %LOCALAPPDATA%\microsoft\edge\user data\default\videodecodestats\000001.dbtmp в %LOCALAPPDATA%\microsoft\edge\user data\default\videodecodestats\current
Изменяет следующие файлы
- %LOCALAPPDATA%\microsoft\edge\user data\last version
- %LOCALAPPDATA%\microsoft\edge\user data\default\sync data\leveldb\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\site characteristics database\log
- %LOCALAPPDATA%\microsoft\edge\user data\default\sync data\leveldb\000003.log
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data
- %LOCALAPPDATA%\microsoft\tokenbroker\cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
- %LOCALAPPDATA%\microsoft\edge\user data\last browser
- %LOCALAPPDATA%\microsoft\edge\user data\default\history-journal
- %LOCALAPPDATA%\microsoft\edge\user data\default\visited links
- %LOCALAPPDATA%\microsoft\edge\user data\default\history
- %LOCALAPPDATA%\microsoft\edge\user data\default\favicons-journal
- %TEMP%\.ses
- %LOCALAPPDATA%\microsoft\edge\user data\default\favicons
Подменяет следующие файлы
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Platform Notifications\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
- %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\BudgetDatabase\LOG
- %LOCALAPPDATA%\microsoft\edge\user data\default\code cache\js\c8e3d243213c2816_0
Сетевая активность
Подключается к
- 'co####.edge.skype.com':443
- 'kr#####4.blogspot.com':80
- 'kr#####4.blogspot.com':443
- 'bl##ger.com':443
- 'aj##.#oogleapis.com':443
- 'ne####.bootstrapcdn.com':443
- 'cd#.adf.ly':443
- 'ad.##ads.com':443
- 'yo##ube.com':443
- 'fo###.#oogleapis.com':443
- 'st####.a-ads.com':443
- 'apis.google.com':443
- 'fo###.gstatic.com':443
- 'i.##img.com':443
- 'bl#####.#oogleusercontent.com':443
- '2.##.#logspot.com':443
- 'pa####objects.com':443
- 'fa###ay.co.id':443
- 'pa#####.#ooglesyndication.com':443
- 'lh#.####leusercontent.com':443
- 'a.###.#loudflare.com':443
- 'ss#.#static.com':443
- 'go######s.g.doubleclick.net':443
- 'st####.doubleclick.net':443
- 'jn####.googleapis.com':443
TCP
Запросы HTTP GET
- http://kr#####4.blogspot.com/
Другие
- 'co####.edge.skype.com':443
- 'kr#####4.blogspot.com':443
- 'bl##ger.com':443
- 'aj##.#oogleapis.com':443
- 'li###ertise.com':443
- 'ad#.ly':443
- 'ad.##ads.com':443
- 'yo##ube.com':443
- 'fo###.#oogleapis.com':443
- 'apis.google.com':443
- 'fo###.gstatic.com':443
- 'i.##img.com':443
- 'bl#####.#oogleusercontent.com':443
- '1.##.#logspot.com':443
- 'pa####objects.com':443
- 'fa###ay.co.id':443
- 'pa#####.#ooglesyndication.com':443
- 'a.###.#loudflare.com':443
- 'go######s.g.doubleclick.net':443
- 'st####.doubleclick.net':443
- 'google.com':443
- 'play.google.com':443
- 'jn####.googleapis.com':443
UDP
- DNS ASK kr#####4.blogspot.com
- DNS ASK co####.edge.skype.com
- DNS ASK bl##ger.com
- DNS ASK aj##.#oogleapis.com
- DNS ASK cd#.adf.ly
- DNS ASK ne####.bootstrapcdn.com
- DNS ASK ad.##ads.com
- DNS ASK yo##ube.com
- DNS ASK fo###.#oogleapis.com
- DNS ASK st####.a-ads.com
- DNS ASK apis.google.com
- DNS ASK fo###.gstatic.com
- DNS ASK xs##.alexa.com
- DNS ASK i.##img.com
- DNS ASK 2.##.#logspot.com
- DNS ASK bl#####.#oogleusercontent.com
- DNS ASK lh#.####leusercontent.com
- DNS ASK pa####objects.com
- DNS ASK fa###ay.co.id
- DNS ASK ad#.ly
- DNS ASK pa#####.#ooglesyndication.com
- DNS ASK pu######r.linkvertise.com
- DNS ASK li###ertise.com
- DNS ASK gs##tic.com
- DNS ASK a.###.#loudflare.com
- DNS ASK ss#.#static.com
- DNS ASK 3.##.#logspot.com
- DNS ASK 1.##.#logspot.com
- DNS ASK go######s.g.doubleclick.net
- DNS ASK st####.doubleclick.net
- DNS ASK google.com
- DNS ASK play.google.com
- DNS ASK jn####.googleapis.com
Другое
Ищет следующие окна
- ClassName: '' WindowName: 'HSUpdate'
- ClassName: 'Chrome_MessageWindow' WindowName: '%LOCALAPPDATA%\Microsoft\Edge\User Data'
Создает и запускает на исполнение
- '%TEMP%\~sfx004571db3c\point white v.16.exe'
Запускает на исполнение
- '%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --single-argument http://kress-k4.blogspot.com/
- '%ProgramFiles(x86)%\microsoft\edge\application\msedge.exe' --flag-switches-begin --flag-switches-end --do-not-de-elevate http://kress-k4.blogspot.com/ (со скрытым окном)
- '%ProgramFiles(x86)%\microsoft\edge\application\89.0.774.68\identity_helper.exe' --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,13377791396102582583,15758174030534063066,131072 --lang=en-US --service-sandbox-type=none --mojo...
