8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1

General

Target

0-13.eml
Size

831KB
MD5

6db92808a0b24eb310faf7a5aa440ce6
SHA1

e96bf9b8ef57280a02c9d06a68ea8526c19ba431
SHA256

8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1
SHA512

531524e6ea3df525119d16b97418b9a64a0d2526561b6b251a70e3b8ae24d6d28fb0b9405dbad0232cf59b8260d6505064b361d1871ca85db03494c402f2478f
SSDEEP

24576:qQFbx4Egi43IFPNFnFSiO0DifiQXvohVV77b:aEgiX5v3+c77b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

cmd.exe

description ioc process

File opened for modification C:\Users\Admin\AppData\Local\Temp\0-13.eml:OECustomProperty cmd.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

644 OpenWith.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4468 firefox.exe
Token: SeDebugPrivilege 4468 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4468 firefox.exe
4468 firefox.exe
4468 firefox.exe
4468 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4468 firefox.exe
4468 firefox.exe
4468 firefox.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\0-13.eml:OECustomProperty	cmd.exe

description	pid	process
Token: SeDebugPrivilege	4468	firefox.exe
Token: SeDebugPrivilege	4468	firefox.exe

pid	process
4468	firefox.exe
4468	firefox.exe
4468	firefox.exe
4468	firefox.exe

pid	process
4468	firefox.exe
4468	firefox.exe
4468	firefox.exe

Suspicious use of SetWindowsHookEx 35 IoCs

Processes:

OpenWith.exefirefox.exe

pid	process
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
644	OpenWith.exe
4468	firefox.exe
4468	firefox.exe
4468	firefox.exe
4468	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 644 wrote to memory of 2508	644	OpenWith.exe	firefox.exe
PID 644 wrote to memory of 2508	644	OpenWith.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 2508 wrote to memory of 4468	2508	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 2236	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe
PID 4468 wrote to memory of 3400	4468	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\0-13.eml
1⤵
- Modifies registry class
- NTFS ADS
PID:3660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
2⤵
- Suspicious use of WriteProcessMemory
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.0.194720886\77896296" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05ef700b-42d4-4e48-a6b5-cbe4ddf11ad0} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 1852 1c365a0aa58 gpu
4⤵
PID:2236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.1.1121637251\709235503" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6993edc-2d85-4e47-bd2d-3c6760e595c5} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 2428 1c358c8ae58 socket
4⤵
- Checks processor information in registry
PID:3400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.2.242182188\558774841" -childID 1 -isForBrowser -prefsHandle 3276 -prefMapHandle 2828 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f451b768-daa0-44a4-b73c-c7ab6291cd80} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 2932 1c364a8d358 tab
4⤵
PID:2000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.3.1883812825\987518053" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {126d912f-5dcb-4f45-ab9f-d282c56161ef} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 2912 1c36a320258 tab
4⤵
PID:4932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.4.2075545054\785846118" -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5368 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d5fbf3-7ad1-4094-9920-d94709097759} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 5380 1c36c78a858 tab
4⤵
PID:3568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.5.1984833346\546818373" -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f85199f2-0176-4fda-877c-877c2b8a4d70} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 5616 1c36c78a258 tab
4⤵
PID:3004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4468.6.2089506050\2016657992" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5380 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28e56d29-50b3-406c-80c5-2fe75b2f0d5b} 4468 "\\.\pipe\gecko-crash-server-pipe.4468" 5508 1c36d0b6e58 tab
4⤵
PID:4616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:2784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:2012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:1776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:2784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:1576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:2480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:2232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:2312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:4948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:3420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:4464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
- Checks processor information in registry
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\0-13.eml"
1⤵
PID:2724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\0-13.eml
2⤵
PID:1716

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp
Filesize
24KB

MD5
2cd1afe040341e698f7bd4ab4563a44a

SHA1
e204dcbb3b1e523b9dc28973535400db78b87150

SHA256
c865c42e88c38f79c369411e320f7558f0eb6d5cb6215ff52c913f2369ea9450

SHA512
0077aab05573842aa14c608f0d7326e636c092f1a344b2019bf2699c046a8436630fdc4b090ae1932f256e930caf8fbf363e9388bb904cafe3c88b622335cecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\0-13.eml
Filesize
831KB

MD5
6db92808a0b24eb310faf7a5aa440ce6

SHA1
e96bf9b8ef57280a02c9d06a68ea8526c19ba431

SHA256
8e24500c381c9abb77a1892a68e62f367852ff945e1bcbac379441e4fea772b1

SHA512
531524e6ea3df525119d16b97418b9a64a0d2526561b6b251a70e3b8ae24d6d28fb0b9405dbad0232cf59b8260d6505064b361d1871ca85db03494c402f2478f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
6KB

MD5
295e827eb17793af97005164915c264c

SHA1
cabaede405b997a0714065d7d0cee5e3d0c113ca

SHA256
168e22d460c1c332afd57fce8506ce513e450d5e54090b0f39069185bf85d214

SHA512
d8bedf0e72d5b0de45a571f2595805a03b2d012512f68d4a6505fec1a30c5fe1b28dcb14a2a6c4487be17557d2e6e96472e1360d8a8af7c7bb77979c6f30b828

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js
Filesize
6KB

MD5
717c30201a82627d76734a21d6a9c434

SHA1
13940a170e11afa51fb8858938846bff8f201904

SHA256
421c27a44f9287c6269840e2310fae9ddf85d2cf9a830d99e8b6810be74c4192

SHA512
01d399f8adf39525ca159a7f273d567b887e1841018690a827f4eb49f05403007cf61b5f7948fe7e14285fbc1b09ec5f4d69dd261108d80ffd594f441720f0fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionCheckpoints.json
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
443b5c6cb66a7e90348c2b76fd3d6d60

SHA1
d8ea5082779d49607380f826251989b48ad6241c

SHA256
64908b83d01e4c363242f22003320104606f4c4a2873c882426b7529dbf8d3ac

SHA512
3a685a4e9bea91392cf1ea4571bcb5e8f9218ec177c802b3820701eab7585f3549e210ae004928d5c6da0ab8e8cb4ddeb42b04e13a648742f72689d3a57c991e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
e2d5e5759edec64ef7b8b90381bd8dcb

SHA1
2da0f5b49aafdd16aa382e2e6d5df2ec1b102c4a

SHA256
bae2a153649efbd388e091bc53f166eee6b22da7a664da22c873db0fc3d011d6

SHA512
33e0d1169328bace81e5e1e93b264b0f9adc2bc2d078b60d3aae3b777688c540fb111ad72fc53e9f904365fba7c3306463f56660ee28f2581667d361d0136821

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads