hxxps://scard50[.]ru/r

Analysis

max time kernel
21s
max time network
33s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-01-2025 20:09

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://scard50.ru/r

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1672	chrome.exe
1672	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	2952	firefox.exe
Token: SeDebugPrivilege	2952	firefox.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe
Token: SeShutdownPrivilege	1672	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2952	firefox.exe
2952	firefox.exe
2952	firefox.exe
2952	firefox.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
2952	firefox.exe
2952	firefox.exe
2952	firefox.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe
1672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 976 wrote to memory of 2952	976	firefox.exe	31
PID 2952 wrote to memory of 2720	2952	firefox.exe	32
PID 2952 wrote to memory of 2720	2952	firefox.exe	32
PID 2952 wrote to memory of 2720	2952	firefox.exe	32
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2940	2952	firefox.exe	33
PID 2952 wrote to memory of 2736	2952	firefox.exe	34
PID 2952 wrote to memory of 2736	2952	firefox.exe	34
PID 2952 wrote to memory of 2736	2952	firefox.exe	34
PID 2952 wrote to memory of 2736	2952	firefox.exe	34
PID 2952 wrote to memory of 2736	2952	firefox.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://scard50.ru/r"
1⤵
- Suspicious use of WriteProcessMemory
PID:976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://scard50.ru/r
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.0.156129013\552427906" -parentBuildID 20221007134813 -prefsHandle 1244 -prefMapHandle 1236 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74996688-4e1e-472c-9f96-f8425b2e774a} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 1344 3fcf558 gpu
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.1.2116490419\933984698" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b95f0e65-b347-4788-99d5-6adda46b3f62} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 1524 d71958 socket
    3⤵
    - Checks processor information in registry
    PID:2940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.2.191061472\1432207623" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 2060 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {891a4404-6162-4fa5-8664-893f53b6d96a} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 2076 1a8b3f58 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.3.393025609\196962813" -childID 2 -isForBrowser -prefsHandle 2508 -prefMapHandle 2504 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec6e45c-0766-464a-a1df-c019cf69ebc7} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 2520 1be47a58 tab
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.4.633714592\1858117556" -childID 3 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d0db63-a6ea-404a-8acc-f102830a09e8} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 3960 210e0558 tab
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.5.335073032\1702275432" -childID 4 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65ad0381-6fd9-4c6d-92a4-a6eaa5947b36} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 4056 210e2358 tab
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2952.6.1999739687\469096234" -childID 5 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09a64aa8-fee7-4e10-b1e5-e0459434311a} 2952 "\\.\pipe\gecko-crash-server-pipe.2952" 4124 210e0258 tab
    3⤵
    PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74c9758,0x7fef74c9768,0x7fef74c9778
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:2
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1472 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:2
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2176 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1128,i,3574105553361231399,15762398830198407190,131072 /prefetch:8
  2⤵
  PID:2724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3064

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1816

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\636c648d-3694-4323-aa74-331fcf90c5d4.tmp

Filesize
343KB

MD5
771574b69aec827accb053ba53840038

SHA1
a2eb315e1f3a913b470b0ac8352c61d797233f08

SHA256
b2cd13bb5833818fbfd50e1fbd4653aab1d3f27a0d7622259b172527389ddd07

SHA512
4ff5878a2f5e23742af623b808287e4f9c6dd46d95f20b569e4dbb78ed18a83fd4efbfbdc08fdd73c98653f454018de36c7627b129f8f43122db3205469bc2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
e48308d72766e9df34615396d61ca5eb

SHA1
05019059edd07632ee2be81aa423f428d632b2ad

SHA256
2a75c4eb3e2089a082637e11b2e5c4787c461befdbb5bcf2fd5322a588a998b2

SHA512
3d49a5235180938aa09f2097fdaa154225922340f93e3fee90027aee3a2f0937ab6fa3a8f63495c865b1b601a1167c29b9ac824e0643b61295a50d988c07ad98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
74a18f6e77a936e29b1a3a1b11d4790f

SHA1
f5d6a86d7017c89dba187049af5011901318ae7d

SHA256
176e6be7f9f2184e0465ed3fc7c32be542eb148b6cb939d9b1f22f4ec7332737

SHA512
8c70d19955b19b53ea203a7358ee30135522ba1d480c4f3fee8f8f43411770c3b6abcc4abb6e122492ad1bbe930e3afdc6d43638d8084b4927e9979296cc8cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\6db718cf-6a62-4a08-849d-d9f36e9cb6c3

Filesize
745B

MD5
c89c75173cf1efca1705abc68ebe0847

SHA1
f741ff029c5f3cb09b2e3575bbc4ef1e7f03de8c

SHA256
bd18c6ceee41950f1c5246872f7341aed28c837d7d47e3c072f7144381c509d4

SHA512
13327916e3532288d7e038f9d4ecd99b92d56fbe058b3ec75880faeddefc03446f9038555cab235b7c611d13ae7ec024292cb9e8a938588ae9becdcaedf4a99c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\7620cc77-c795-4749-a003-296c29991b2d

Filesize
12KB

MD5
da1a1d578a8456c107c90125ea7764fa

SHA1
cb70c51a27bd50d87c5a5457a76f3384e98e4a9f

SHA256
34227de4ffd86d21da5d7a6972f8c983112451a9d6ec2cfc8161ce573a50b695

SHA512
d6ab4cc855581de852ffa2108fa9432c151d15e388fd73e2ff341e5bca75fcf5e3d72f2fba3e52f10c96b90dec6b7db00090fbec3de825e48762f288b527aa5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js

Filesize
6KB

MD5
1b34eed36b39774efa9427042def7396

SHA1
9a5540f7a1b6ad161b9e08f2d5d2a53576543af3

SHA256
abede3f0da410d4a8001cc95205407133b1198f744618ef468665b74bf019bd9

SHA512
54d4eec2247fd8c96fb1a20bd73db42cb11d647ef7f45f88ddac3723cc6eadfdb2ec2a5f4ceb70f1597671f05131ad176f352d395553f6987fb8d226e3e54a4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js

Filesize
6KB

MD5
3b59e7a41cee6155595624f6b0e9a630

SHA1
ae2a0f56b000574a553136bdff3146e3046e7811

SHA256
de382b281cbeb3716977ad3547deb7e92075c23d9586940ef61aad121a7ef8bd

SHA512
2635f7508038a912ac610d4ef4ccd4bf3d96b1fcf1ed385ca1576f6ae2d59996ae7fe31a860a29a1114fc3f2604dd4356dd361349b7fa64618bafaa94f7b7cfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\sessionstore.jsonlz4

Filesize
39KB

MD5
101bc0b7ea4c1ba000deb840bf39d8e6

SHA1
53c374d5aede5945ac3469738c05b3ac02437c63

SHA256
ded43058bb26e5f34d43b3d2a58b56d07494b6cceaa820650a000fbbda818c46

SHA512
5730d50e1ed4fbfd984af72cbf1f545c997fd8c9f29fa92fa93fa8299116c49500fe69dca9d9ebd705ff531606bf78f60762aadc2a08cbae5ac4b9942c59ac11

Download Submit
memory/1356-377-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1816-376-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads