Malware Analysis Report

2024-09-22 16:23

Sample ID 230407-vlvetahg93
Target Setup.7z
SHA256 f79f9bbe5ca2c6c8c8de470ba425172304e0a90bf96e815e4a6373dd67d0461f
Tags
fickerstealer infostealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f79f9bbe5ca2c6c8c8de470ba425172304e0a90bf96e815e4a6373dd67d0461f

Threat Level: Known bad

The file Setup.7z was found to be: Known bad.

Malicious Activity Summary

fickerstealer infostealer

Fickerstealer

Program crash

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-04-07 17:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-07 17:05

Reported

2023-04-07 17:36

Platform

win10-20230220-es

Max time kernel

378s

Max time network

1593s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

Signatures

Fickerstealer

infostealer fickerstealer

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3584 wrote to memory of 4156 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 688 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1224

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1228

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1264

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 1284

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.0.1499969995\186151439" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1644 -prefsLen 20810 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f16171f-4747-47a6-b808-1dec65daee32} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 1748 27b30b16258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.1.475340824\313060720" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20891 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b6ff4c2-440e-4326-a3c0-e454705e889f} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2104 27b2f70e258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.2.1210833994\1725462956" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 21039 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ab021e0-2c06-400a-a7bf-873024dd22c0} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 2748 27b33846458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.3.1998100162\1433338243" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3484 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86059d17-7151-4e88-8975-a75741213e16} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3508 27b24262b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.4.1641499928\522332184" -childID 3 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 26484 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {221f6b0f-0a18-40d3-b6e8-3225b26476ea} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 3752 27b34de8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.5.2004052488\154962385" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01fcc3ac-f212-47b4-862a-9f7f05dac4c5} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4884 27b35ec1458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.7.1878961787\150646814" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f7e9bd-80ae-4b9b-b677-c6f82b51d033} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5216 27b35ec3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.6.1677866513\1368436970" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9dca36-6280-4441-88b1-3f4ce1aea4c1} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5008 27b35ec1d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.8.1326414893\718888381" -childID 7 -isForBrowser -prefsHandle 5060 -prefMapHandle 2844 -prefsLen 26622 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27289fd8-ea5c-4d90-8854-693fc5a9554f} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 4876 27b355c7258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4156.9.1474801399\158791935" -childID 8 -isForBrowser -prefsHandle 5760 -prefMapHandle 5688 -prefsLen 27079 -prefMapSize 232645 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4059d6de-c466-44a6-b3b8-eb7c4f844bbd} 4156 "\\.\pipe\gecko-crash-server-pipe.4156" 5708 27b339d7058 tab

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

Network

Country Destination Domain Proto
RU 91.240.118.51:80 tcp
US 8.8.8.8:53 51.118.240.91.in-addr.arpa udp
US 8.8.8.8:53 52.4.107.13.in-addr.arpa udp
N/A 127.0.0.1:49708 tcp
N/A 127.0.0.1:49714 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 44.236.158.174:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.65.55:443 push.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 150.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 174.158.236.44.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 37.158.120.34.in-addr.arpa udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
NL 20.50.201.201:443 tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
BE 8.238.110.126:80 tcp
N/A 127.0.0.1:49950 tcp
US 8.8.8.8:53 44.8.109.52.in-addr.arpa udp
NL 173.223.113.131:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 131.113.223.173.in-addr.arpa udp
NL 173.223.113.131:443 e13678.dscb.akamaiedge.net tcp
N/A 127.0.0.1:50372 tcp
N/A 127.0.0.1:50436 tcp
N/A 127.0.0.1:50480 tcp
N/A 127.0.0.1:50522 tcp
N/A 127.0.0.1:50570 tcp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp

Files

memory/4464-116-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/4464-117-0x0000000002830000-0x0000000002986000-memory.dmp

memory/4464-118-0x0000000000400000-0x00000000005E4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\prefs.js

MD5 cdb5a91b7898f75f98e448e80b41dba6
SHA1 c749651f98e32a2320d2e52fd467fd6217660535
SHA256 ed56bd19352777293cf7195af0fe1412d52e25af6a9a8e2bb04e3e32056556dc
SHA512 b99bca03a398f7e068691852106fe03a90489d1e8230720749c25703e59874765ef706e9e27c9215251372efee84d9c9d0eb636a54e45035d5d2095304fee97b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\oqpbz544.default-release\activity-stream.discovery_stream.json.tmp

MD5 54ddea3cae16280b7aeaa4562632e1fd
SHA1 2b0cb4e2b3d8ed73ae43ffb0c4c822bc5148fcd9
SHA256 58f29e6d54e2767d60181f03ea361ec4ce0ba2bdb32820ca8d52e731428f57db
SHA512 513996e48e5821723b3d1ebe083a674716af2f8badc3cfcd7a766f355a181ee18722ee68b7dad6e456e68dc0298f3a70b64e9ec4df5f54477eff99684d275936

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 16c8db3f0a558fffc770789a5cd70075
SHA1 5a6f439823dfeeea1c1554e1cce6098ddfd312af
SHA256 4a428bcdd752689338bdf7d13054a7645f614c76f79b032031d33c9a3028ddcb
SHA512 da23637189a6d1f01387bd9b7ee618f501a16b467ee8bc627d529b6de6782c2007b8fc83f7fae4f8a20430bfb9ead9c40c7adafb50d6c3febb39e455869c3017

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

MD5 27ca4da1b37525530407e739b44d65ef
SHA1 80631febc3cfcea1db482cb0312748dc7f9ea64f
SHA256 4fb77b04e9f01edb36a87d68f59ccf83ea0726f372c9b4a662d96078fd5b8788
SHA512 b21af98a603be39057a09357c88d1776d188e610d4e59325da973840e8a1518fa78fd6fc43957a30bbf4e59e22fba9d8bad1379aaf9869d876c0369e250c89b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d8d4ffa229d4250bce27b9a585935da4
SHA1 377b132c0d36dcdd82b76a1145fd3c222762a271
SHA256 5fa4720a104c7d8b184cba7e1415a138683f974e257e6a5ac694f7c40fc9f5f9
SHA512 68dfa1ba2cfa51e026438d25563ee5d9442a766b99762e90737bc2cf9d4166a87d81451d9205fd849f6045e1a81f6e8c4f8e53a942d49efcf59450cfe2e9c6bb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionCheckpoints.json.tmp

MD5 2ad4fe43dc84c6adbdfd90aaba12703f
SHA1 28a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256 ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA512 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oqpbz544.default-release\sessionstore.jsonlz4

MD5 3742aaf5831df98edf8f4fe1e50d5f62
SHA1 d778b5b5382c13c702f7904ceacaf393d417bf99
SHA256 fcbcf4c22911d41c155d69d20a2d4ef7430cd10f8654ac0581d8ab68be84cbe0
SHA512 77ff2392c18333696c50eefbf28c411f4c97bdc3f62a852e58517eea40b817e210af5d059ea477cccbe77ec30bd2847257f36a58ddf7cd2fa9f3d68e94e21858