155ca5bef45b0a5d31d597a67d1df391c106a871d26cd68746557f90db214040

General

Target

FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml
Size

25KB
MD5

bd5006c2f8ff0e041329a43fca52a3f9
SHA1

5d9050d3ac220dee62b4eb4e0486356afa670571
SHA256

155ca5bef45b0a5d31d597a67d1df391c106a871d26cd68746557f90db214040
SHA512

da9b3278aafa187a8334b25315c069cda29266f1228d5d49a6b23642d22db8185f44f4d83678ffcc64572db063d07e778776935c2b40f9b3b7c2467838869560
SSDEEP

768:nmNdm5UDX/fMO3V8NskjoAHZ4hvGPOwKOuOyFq8IqYqB7:nudmoX/uNxo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

cmd.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml:OECustomProperty	cmd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

1308 OpenWith.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 1508 firefox.exe
Token: SeDebugPrivilege 1508 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

1508 firefox.exe
1508 firefox.exe
1508 firefox.exe
1508 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1508 firefox.exe
1508 firefox.exe
1508 firefox.exe

description	pid	process
Token: SeDebugPrivilege	1508	firefox.exe
Token: SeDebugPrivilege	1508	firefox.exe

pid	process
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe

pid	process
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe

Suspicious use of SetWindowsHookEx 40 IoCs

Processes:

OpenWith.exefirefox.exe

pid	process
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1308	OpenWith.exe
1508	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1308 wrote to memory of 5112	1308	OpenWith.exe	firefox.exe
PID 1308 wrote to memory of 5112	1308	OpenWith.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 5112 wrote to memory of 1508	5112	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 3012	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe
PID 1508 wrote to memory of 1724	1508	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
- Modifies registry class
- NTFS ADS
PID:2796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Suspicious use of WriteProcessMemory
PID:5112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.0.526021795\1029550114" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1532 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9f9f9b1-8a5b-4a83-95b1-f9b65d2f4d39} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 1852 160c7422358 gpu
4⤵
PID:3012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.1.1930130337\1655560777" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0daa23f3-613b-44fc-9c89-e6b5881244e4} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 2444 160ba691558 socket
4⤵
PID:1724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.2.1047089524\1109259683" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce9eb8b-c3db-4c4e-9663-c10114884589} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 3212 160ca340258 tab
4⤵
PID:4356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.3.451057603\521072792" -childID 2 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cadc0e3-f599-41ea-bf01-7cbd4c311dfb} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 3632 160cbd58e58 tab
4⤵
PID:2076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.4.454581648\532752867" -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5252 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f08dfeb-c904-4eb6-8aa0-81da8545d626} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 5264 160cc888658 tab
4⤵
PID:3216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.5.93766797\1207764628" -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5441b82-8a97-4f07-8572-843a69bca0f0} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 5432 160cdf8d058 tab
4⤵
PID:740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1508.6.920714053\1431914278" -childID 5 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3466e035-aa1f-458f-927b-af9f7567c603} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" 5624 160cdf8c158 tab
4⤵
PID:4756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:1928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:1672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:1400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:1048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
PID:4868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:1816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:2780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:2360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:1072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:1748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:2848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:1584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:1924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:1784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:4900

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:2124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:2864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:5004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:1448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:3800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:2980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:4660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
- Checks processor information in registry
PID:3580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
1⤵
PID:1896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml"
2⤵
PID:1392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
cb46565d31d82720f3b0fb70ecb7d5ec

SHA1
8ec49ec11f317a3a7e809cce53e3edd89ffa426e

SHA256
51f5aa751ad2d07ffad7d054957faa084da661b1c82d642260e08907544d3dc0

SHA512
8cc4094bc327f789d8a86965285de98f72e65745243687e5a6f80b106c31d0a3d2cdc3d558f568f07ec5c73459a12e3528efcd14d24ec314c7c534212858644f

Download Submit
C:\Users\Admin\AppData\Local\Temp\FW Review and Complete[Timesheet for Nationsroof_v80093] [ threadQ1m-K-3Hc3W1b-g4UhkhbD0 ].eml
Filesize
25KB

MD5
bd5006c2f8ff0e041329a43fca52a3f9

SHA1
5d9050d3ac220dee62b4eb4e0486356afa670571

SHA256
155ca5bef45b0a5d31d597a67d1df391c106a871d26cd68746557f90db214040

SHA512
da9b3278aafa187a8334b25315c069cda29266f1228d5d49a6b23642d22db8185f44f4d83678ffcc64572db063d07e778776935c2b40f9b3b7c2467838869560

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
Filesize
6KB

MD5
294c5002af416d213ac1e9973dcfbd0e

SHA1
219ee84f4bf5353789abe0822f7cdce14f2b7d61

SHA256
4e790d8431a2e0145a58b137bd5a9e12cb3bfad479c05c3301aee1a5517ec1ef

SHA512
df94285882d6371176a8a6579b8137d9475b1378fa46c01ca345189230a10a1f33d542480d646c10ab40c4ec338f6a5e5075c49185383ca7e8e1baa8fe740748

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
Filesize
6KB

MD5
05000d8be947e1339b1f89659c055bda

SHA1
b0d06374b8350aeca5f6a1cc0bffd76878288d30

SHA256
29a640e71304acb37e79f16cac1655576aa56b1d7f30ed53a0dc467c5ac4a1b2

SHA512
35884b56a57f87ab1b231295a0c33d7eeb4e6727b437fcfca3b352c75a936f77f60d5a2f8b36bafe1119afc16719749b5648752c686b53aa3a9e012f7ccfaa0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
f9457d096071854a5540a17eddf5fcb4

SHA1
5986c389382bb95199cc458f92ae499951b9b21b

SHA256
9b1db4dd3ed8539952ec598d4be39daaf6478ea5a02205948a49dbfae233ed12

SHA512
0f124dd9b9ce2ad0a0d45e20b2c27adb314f462d59d800c667f3685b6de782e2558a630e847978a8a6e373c8943e6cce1955b4921e6462a204e31d0be0c467ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
4d431100519c24a54fec90df57368445

SHA1
a420d237bdcb112896929529af1775e943e35b91

SHA256
219e40e1bc9338c0e0b0882fffd721ccd468ec26aa94c51da272999e205e6471

SHA512
3a7c2835dc98e0a80585442335553eeae37955e28b90afd9501646a35738ff0dafe839af2979fd7e897fe9ed319fda919b5014b636d12ec22217fb2746897a92

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads